diff --git a/backport-upstream-avoid-integer-overflow-of-auth-attempts-har.patch b/backport-upstream-avoid-integer-overflow-of-auth-attempts-har.patch
new file mode 100644
index 0000000000000000000000000000000000000000..66ecfdae854dcd2308dde5a174006810aea1b668
--- /dev/null
+++ b/backport-upstream-avoid-integer-overflow-of-auth-attempts-har.patch
@@ -0,0 +1,44 @@
+From 32ebaa0dbca5d0bb86e384e72bebc153f48413e4 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org"
+Date: Wed, 23 Feb 2022 11:18:13 +0000
+Subject: [PATCH] upstream: avoid integer overflow of auth attempts
+(harmless,caught by monitor)
+
+OpenBSD-Commit-ID: 488ad570b003b21e0cd9e7a00349cfc1003b4d86
+
+Reference:https://github.com/openssh/openssh-portable/commit/32ebaa0dbca5d0
+Conflict:NA
+---
+ auth2.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/auth2.c b/auth2.c
+index 7290d54..0de58e6 100644
+--- a/auth2.c
++++ b/auth2.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: auth2.c,v 1.161 2021/04/03 06:18:40 djm Exp $ */
++/* $OpenBSD: auth2.c,v 1.164 2022/02/23 11:18:13 djm Exp $ */
+ /*
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+@@ -290,6 +290,8 @@ if (options.check_user_splash)
+ if ((style = strchr(user, ':')) != NULL)
+ *style++ = 0;
+
++ if (authctxt->attempt >= 1024)
++ auth_maxtries_exceeded(ssh);
+ if (authctxt->attempt++ == 0) {
+ /* setup auth context */
+ authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
+@@ -298,6 +300,7 @@ if (options.check_user_splash)
+ authctxt->valid = 1;
+ debug2_f("setting up authctxt for %s", user);
+ } else {
++ authctxt->valid = 0;
+ /* Invalid user, fake password information */
+ authctxt->pw = fakepw();
+ }
+--
+2.23.0
+
diff --git a/openssh.spec b/openssh.spec
index 6f2e7e899b7a2324f0328ac10cd7eda048475b8c..6b9590b82d98b859782e94eb9b6c7cda116cbb8a 100644
--- a/openssh.spec
+++ b/openssh.spec
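Review bot: The `1024` in the added guard `if (authctxt->attempt >= 1024)` in the auth2.c backport is an unexplained literal, and nothing at that spot says it is a backstop against the `attempt` counter wrapping rather than the configured retry limit. The guard also only works if `auth_maxtries_exceeded(ssh)` never returns, which is not visible in this hunk; if the backport may carry a comment, `/* hard cap: keeps attempt++ from overflowing; auth_maxtries_exceeded() is expected not to return */` above the check would record both. The same patch bumps the `$OpenBSD` ident from 1.161 to 1.164 and adds `authctxt->valid = 0;` in the else branch, neither of which the subject or the spec changelog mentions, so it is worth confirming that the intermediate revisions are not needed here. The enclosing function starts and ends outside the hunk.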
@@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0} %global sshd_uid 74 -%global openssh_release 14 +%global openssh_release 15 Name: openssh Version: 8.8p1 @@ -105,6 +105,7 @@ Patch72: backport-upstream-a-little-extra-debugging.patch Patch73: backport-upstream-better-debugging-for-connect_next.patch Patch74: add-loongarch.patch Patch75: backport-upstream-ssh-keygen-Y-check-novalidate-requires-name.patch +Patch76: backport-upstream-avoid-integer-overflow-of-auth-attempts-har.patch Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 @@ -258,6 +259,7 @@ popd %patch73 -p1 %patch74 -p1 %patch75 -p1 +%patch76 -p1 autoreconf pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4 @@ -459,6 +461,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Thu Dec 29 2022 renmingshuai - 8.8p1-15 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:avoid integer overflow of auth attempts + * Fri Dec 16 2022 renmingshuai - 8.8p1-14 - Type:bugfix - CVE:NA