diff --git a/backport-fix-memory-leak-in-tls_parse_ctos_psk.patch b/backport-fix-memory-leak-in-tls_parse_ctos_psk.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9f72a39c17341f5fe24abebb67d2b5185fc7b96d
--- /dev/null
+++ b/backport-fix-memory-leak-in-tls_parse_ctos_psk.patch
@@ -0,0 +1,38 @@
+From b2474b287fbc7a24f0aa15e6808c6e3ef8287f23 Mon Sep 17 00:00:00 2001
+From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
+Date: Wed, 9 Oct 2024 15:42:37 +0200
+Subject: [PATCH 01/11] Fix memory leak in tls_parse_ctos_psk()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+`sess` is not NULL at this point, and is freed on the success path, but
+not on the error path. Fix this by going to the `err` label such that
+`SSL_SESSION_free(sess)` is called.
+
+CLA: trivial
+
+Reviewed-by: Saša Nedvědický
+Reviewed-by: Tom Cosgrove
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/25643)
+---
+ ssl/statem/extensions_srvr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
+index 51ea74b..ffdd08b 100644
+--- a/ssl/statem/extensions_srvr.c
++++ b/ssl/statem/extensions_srvr.c
+@@ -1078,7 +1078,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+
+ if (sesstmp == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+- return 0;
++ goto err;
+ }
+ SSL_SESSION_free(sess);
+ sess = sesstmp;
+--
+2.43.0
+
diff --git a/openssl.spec b/openssl.spec
index 03cfcea3125acb1e230474db77898c7145865e27..1c516a5984ce73766eed02d01920979ce18cb39d 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 Name: openssl
 Epoch: 1
 Version: 3.0.12
-Release: 11
+Release: 12
 Summary: Cryptography and SSL/TLS Toolkit
 License: OpenSSL and SSLeay
 URL: https://www.openssl.org/
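Review bot: In the nested `ssl/statem/extensions_srvr.c` hunk the new `goto err;` depends on an `err:` label that is not shown; `tls_parse_ctos_psk()` starts and ends outside the hunk, so the claim that the label calls `SSL_SESSION_free(sess)` rests on the commit message alone and should be checked against the 3.0.12 tree this patch is applied to. From the visible lines `sess` has not yet been released when the jump is taken (the `SSL_SESSION_free(sess)` on the success path follows the check), so a single free at the label would not be a double free. The leak sits in server-side handling of a client-supplied PSK extension but, as far as the hunk shows, only when `sesstmp` comes back NULL, which reads as a robustness fix rather than something a peer can trigger at will. For later audits I would add a provenance line to the patch header next to the existing pull-request link, for example `Reference: <upstream-commit-url>`, since the `From` hash and the `[PATCH 01/11]` numbering may come from a local series rather than the upstream branch.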
@@ -53,6 +53,7 @@ Patch41: Backport-CVE-2024-6119-Avoid-type-errors-in-EAI-related-name-check- Patch9000: add-FIPS_mode_set-support.patch Patch9001: backport-CVE-2024-9143-Harden-BN_GF2m_poly2arr-against-misuse.patch +Patch9002: backport-fix-memory-leak-in-tls_parse_ctos_psk.patch BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} @@ -253,6 +254,9 @@ make test || : %ldconfig_scriptlets libs %changelog +* Sun Oct 20 2024 xiaozai - 1:3.0.12-12 +- fix memory leak in tls_parse_ctos_psk() + * Thu Oct 17 2024 liningjie - 1:3.0.12-11 - fix CVE-2024-9143
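Review bot: `Patch9002` is only declared in this hunk; the `%prep` section that applies patches is outside it, so if this spec applies patches with explicit `%patch` lines rather than `%autosetup` or `%autopatch`, the fix is packaged but never applied, and a matching line such as `%patch9002 -p1` would be needed there. The section text of the following hunk shows `make test || :`, which discards test-suite failures, so a misapplied or conflicting backport would not fail the build. Confirming in the build log that patch 9002 is applied to `ssl/statem/extensions_srvr.c` is the check I would ask for before this release is published.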