diff --git a/backport-CVE-2022-2639.patch b/backport-CVE-2022-2639.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bc435815637e6402e6be318a5f2b4710250d031a
--- /dev/null
+++ b/backport-CVE-2022-2639.patch
@@ -0,0 +1,36 @@
+From cefa91b2332d7009bc0be5d951d6cbbf349f90f8 Mon Sep 17 00:00:00 2001
+From: Paolo Valerio
+Date: Fri, 15 Apr 2022 10:08:41 +0200
+Subject: [PATCH] openvswitch: fix OOB access in reserve_sfa_size()
+
+Given a sufficiently large number of actions, while copying and
+reserving memory for a new action of a new flow, if next_offset is
+greater than MAX_ACTIONS_BUFSIZE, the function reserve_sfa_size() does
+not return -EMSGSIZE as expected, but it allocates MAX_ACTIONS_BUFSIZE
+bytes increasing actions_len by req_size. This can then lead to an OOB
+write access, especially when further actions need to be copied.
+
+Fix it by rearranging the flow action size check.
+
+Conflict:NA
+Reference:https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8
+---
+ datapath/flow_netlink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c
+index 0f7ab53..1f04072 100644
+--- a/datapath/flow_netlink.c
++++ b/datapath/flow_netlink.c
+@@ -2322,7 +2322,7 @@ static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa,
+ new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2);
+
+ if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
+- if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) {
++ if ((next_offset + req_size) > MAX_ACTIONS_BUFSIZE) {
+ OVS_NLERR(log, "Flow action size exceeds max %u",
+ MAX_ACTIONS_BUFSIZE);
+ return ERR_PTR(-EMSGSIZE);
+--
+2.33.0
+
diff --git a/openvswitch.spec b/openvswitch.spec
index a866c4fa1a86ec4b86e595318e475f0fe09b2389..3b94b1b3b785b6f620f776ac4aeb60f94b0c7b8b 100644
--- a/openvswitch.spec
+++ b/openvswitch.spec
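Review bot: The rearranged test in reserve_sfa_size() in datapath/flow_netlink.c, `if ((next_offset + req_size) > MAX_ACTIONS_BUFSIZE)`, has no comment saying why the sum is compared rather than the remaining space, so a later cleanup could restore the subtraction form and reopen the out-of-bounds write. The declarations of next_offset and req_size lie outside the hunk; presumably they differ in signedness, which would explain why the old `MAX_ACTIONS_BUFSIZE - next_offset` comparison stopped rejecting requests once next_offset passed the limit, as the commit message describes. I would add above the test `/* Compare the sum: MAX_ACTIONS_BUFSIZE - next_offset is unreliable once next_offset exceeds the limit. */`. Separately, this patches the datapath source bundled with the package, so hosts that load the distribution kernel's own openvswitch module still need the kernel-side fix for CVE-2022-2639; whether this spec builds the bundled module is not visible here.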
@@ -3,7 +3,7 @@ Summary: Production Quality, Multilayer Open Virtual Switch URL: http://www.openvswitch.org/ Version: 2.12.4 License: ASL 2.0 and ISC -Release: 8 +Release: 9 Source: https://www.openvswitch.org/releases/openvswitch-%{version}.tar.gz Buildroot: /tmp/openvswitch-rpm Patch0000: 0000-openvswitch-add-stack-protector-strong.patch @@ -15,6 +15,7 @@ Patch6002: backport-CVE-2023-5366.patch Patch6003: backport-0001-CVE-2023-3966.patch Patch6004: backport-0002-CVE-2023-3966.patch Patch6005: backport-0003-CVE-2023-3966.patch +Patch6006: backport-CVE-2022-2639.patch Patch9000: fix-selinux-err.patch @@ -289,6 +290,12 @@ exit 0 %doc LICENSE %changelog +* Fri Mar 29 2024 yanglu - 2.12.4-9 +- Type:CVE +- Id:CVE-2022-2639 +- SUG:NA +- DESC:fix CVE-2022-2639 + * Tue Feb 20 2024 zhangpan - 2.12.4-8 - fix CVE-2023-3966