diff --git a/fix-memory-leak-in-kex-exchange.patch b/fix-memory-leak-in-kex-exchange.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b067707532287b21588a4d5f1a8bf5da6b135e9a
--- /dev/null
+++ b/fix-memory-leak-in-kex-exchange.patch
@@ -0,0 +1,11 @@
+diff -Nur openssh-8.2p1_o/sshconnect2.c openssh-8.2p1/sshconnect2.c
+--- openssh-8.2p1_o/sshconnect2.c	2024-01-26 13:47:44.191861762 +0800
++++ openssh-8.2p1/sshconnect2.c	2024-01-26 13:48:52.354850829 +0800
+@@ -354,6 +354,7 @@
+ 	    (r = ssh_packet_write_wait(ssh)) != 0)
+ 		fatal("%s: %s", __func__, ssh_err(r));
+ #endif
++	free(s);
+ }
+ 
+ /*
diff --git a/openssh.spec b/openssh.spec
index d62e55c2fa92176369b983f28cada442a41c3728..354b6a57c601682e802f8d2c4525bb0c516fd2da 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 29
+%global openssh_release 30
 
 Name:           openssh
 Version:        8.2p1
@@ -105,6 +105,7 @@ Patch71:        backport-fix-CVE-2023-38408-upstream-terminate-process.patch
 Patch72:        set-ssh-config.patch
 Patch73:        backport-CVE-2023-51385-upstream-ban-user-hostnames-with-most-shell-metachar.patch
 Patch74:        backport-CVE-2023-48795.patch
+Patch75:        fix-memory-leak-in-kex-exchange.patch
 
 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -282,6 +283,7 @@ popd
 %patch72 -p1
 %patch73 -p1
 %patch74 -p1
+%patch75 -p1
 
 autoreconf
 pushd pam_ssh_agent_auth-0.10.3
@@ -491,6 +493,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Fri Jan 26 2024 songjuntao<songjuntao@kylinos.cn> - 8.2p1-30
+- Type:bugfix
+- CVE:
+- SUG:NA
+- DESC: fix memory leak in kex2 exchange function
+
 * Tue Jan 9 2024 renmingshuai<renmingshuai@huawei.cn> - 8.2p1-29
 - Type:CVE
 - CVE:CVE-2023-48795