diff --git a/0028-fixed-use-after-free-detected-by-Coverity.patch b/0028-fixed-use-after-free-detected-by-Coverity.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bed8abb2217ca61297a5de3bef8b100ad91d8cef
--- /dev/null
+++ b/0028-fixed-use-after-free-detected-by-Coverity.patch
@@ -0,0 +1,43 @@
+From 19cfba7624a31bc5790a335158244b29657e9253 Mon Sep 17 00:00:00 2001
+From: Marcin Spiewak
+Date: Fri, 19 Jan 2024 12:30:41 +0100
+Subject: [PATCH] lib/nvme: fixed use-after-free detected by Coverity
+
+If cuse_nvme_ctrlr_update_namespaces(ctrlr_device) fails,
+the cuse_nvme_ctrlr_stop(ctrlr_device) function is called. This
+function frees ctrl_device, and also clears/frees bit arrays,
+so there is no need to jump to clear_and_free label, as these
+operations ale already done. Just return with appropriate error
+code.
+If there is a jump, we will try to access already freed memory
+(ctrl_device->index) in line 1213
+
+Change-Id: I4217c3783a22781feabbae9735d44479c5f511d9
+Signed-off-by: Marcin Spiewak
+Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/21518
+Community-CI: Mellanox Build Bot
+Reviewed-by: Konrad Sztyber
+Reviewed-by: Aleksey Marchuk
+Tested-by: SPDK CI Jenkins
+
+---
+ lib/nvme/nvme_cuse.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/nvme/nvme_cuse.c b/lib/nvme/nvme_cuse.c
+index 62d1422..0a78b8e 100644
+--- a/lib/nvme/nvme_cuse.c
++++ b/lib/nvme/nvme_cuse.c
+@@ -904,8 +904,7 @@ nvme_cuse_start(struct spdk_nvme_ctrlr *ctrlr)
+ if (cuse_nvme_ctrlr_update_namespaces(ctrlr_device) < 0) {
+ SPDK_ERRLOG("Cannot start CUSE namespace devices.");
+ cuse_nvme_ctrlr_stop(ctrlr_device);
+- rv = -1;
+- goto err3;
++ return -1;
+ }
+ 
+ return 0;
+-- 
+2.27.0
+
diff --git a/spdk.spec b/spdk.spec
index 64e779c9a1d925e42f3c5f3b72f14e986dfad293..282173098964ca97515f7d8a8231eeeb51d338de 100644
--- a/spdk.spec
+++ b/spdk.spec
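Review bot: The new `return -1;` after `cuse_nvme_ctrlr_stop(ctrlr_device);` is correct only because, as the description states, the stop call already frees ctrlr_device and the index bit arrays that the err3 path used to touch; nothing on the line itself says so, and a later maintainer seeing every other failure branch use `goto err3` may reinstate the goto and reintroduce the use-after-free. I would put that invariant next to the return: `/* cuse_nvme_ctrlr_stop() already freed ctrlr_device and the index bitmaps; err3 must not run */`. The body of nvme_cuse_start, including the err3 label and whatever else it releases, is outside this hunk, so if anything acquired earlier in the function (patch 0027 in this series adds a ctrlr_lock around cuse register/unregister) was released at err3 rather than inside cuse_nvme_ctrlr_stop(), the early return now skips it — worth confirming against the full function. The remaining `rv` variable should also still have a use elsewhere in the function now that this branch no longer assigns it; otherwise it becomes a set-but-unused warning.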
@@ -3,7 +3,7 @@ Name: spdk Version: 21.01.1 -Release: 14 +Release: 15 Summary: Set of libraries and utilities for high performance user-mode storage License: BSD and MIT URL: http://spdk.io @@ -35,6 +35,7 @@ Patch24: 0024-Fix-build-warning.patch Patch25: 0025-ut-rdma-Fix-GCC-10.2.0-warning.patch Patch26: 0026-lib-nvme-add-mutex-before-submit-admin-request.patch Patch27: 0027--nvme-cuse-Add-ctrlr_lock-for-cuse-register-and-unreg.patch +Patch28: 0028-fixed-use-after-free-detected-by-Coverity.patch %define package_version %{version}-%{release} @@ -205,6 +206,9 @@ mv doc/output/html/ %{install_docdir} %changelog +* Mon May 20 2024 yanshuai - 21.01.1-15 +- lib/nvme: fixed use-after-free detected by Coverity + * Mon May 20 2024 Hongtao Zhang - 21.01.1-14 - nvme/cuse: Add ctrlr_lock for cuse register and unregister