diff --git a/backport-CVE-2022-1154.patch b/backport-CVE-2022-1154.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e4d10c8fedddd33466c839c44a1b7e6c63eb9a5f
--- /dev/null
+++ b/backport-CVE-2022-1154.patch
@@ -0,0 +1,59 @@
+From b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar
+Date: Tue, 29 Mar 2022 13:24:58 +0100
+Subject: [PATCH] patch 8.2.4646: using buffer line after it has been freed
+
+Problem: Using buffer line after it has been freed in old regexp engine.
+Solution: After getting mark get the line again.
+---
+ src/regexp_bt.c | 9 +++++++++
+ src/testdir/test_regexp_latin.vim | 7 +++++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/src/regexp_bt.c b/src/regexp_bt.c
+index e017ba5..ff92576 100644
+--- a/src/regexp_bt.c
++++ b/src/regexp_bt.c
+@@ -3188,8 +3188,17 @@ regmatch(
+ int mark = OPERAND(scan)[0];
+ int cmp = OPERAND(scan)[1];
+ pos_T *pos;
++ size_t col = REG_MULTI ? rex.input - rex.line : 0;
+
+ pos = getmark_buf(rex.reg_buf, mark, FALSE);
++
++ // Line may have been freed, get it again.
++ if (REG_MULTI)
++ {
++ rex.line = reg_getline(rex.lnum);
++ rex.input = rex.line + col;
++ }
++
+ if (pos == NULL // mark doesn't exist
+ || pos->lnum <= 0 // mark isn't set in reg_buf
+ || (pos->lnum == rex.lnum + rex.reg_firstlnum
+diff --git a/src/testdir/test_regexp_latin.vim b/src/testdir/test_regexp_latin.vim
+index 5b1db5a..a242d91 100644
+--- a/src/testdir/test_regexp_latin.vim
++++ b/src/testdir/test_regexp_latin.vim
+@@ -152,10 +152,17 @@ endfunc
+
+ func Test_using_mark_position()
+ " this was using freed memory
++ " new engine
+ new
+ norm O0
+ call assert_fails("s/\\%')", 'E486:')
+ bwipe!
++
++ " old engine
++ new
++ norm O0
++ call assert_fails("s/\\%#=1\\%')", 'E486:')
++ bwipe!
+ endfunc
+
+ func Test_using_invalid_visual_position()
+--
+1.8.3.1
+
diff --git a/vim.spec b/vim.spec
index 718898dae6611a43ceadea08ed3c1adda609675a..a3ce0f80a9fca07409a78de257b7084debb3c8a7 100644
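Review bot: In the backported regexp_bt.c hunk, `size_t col = REG_MULTI ? rex.input - rex.line : 0;` stores a pointer difference in an unsigned type; the difference of two pointers is a `ptrdiff_t`, so `ptrdiff_t col = REG_MULTI ? rex.input - rex.line : 0;` (or the column type the surrounding code uses, with an explicit cast) would make the conversion visible rather than implicit — the value is non-negative here because rex.input points into rex.line, so this is a style point, not a defect. The comment `// Line may have been freed, get it again.` states the symptom but not the cause; the patch description only says the line may have been freed, and the mechanism is presumably that getmark_buf() can load a different buffer line and invalidate the pointer cached in rex.line, so after confirming that, a more useful comment would be `// getmark_buf() may have fetched another line and freed the one rex.line points into; re-fetch before touching rex.input again.`. Note that the re-fetch is skipped when REG_MULTI is false, which looks intentional (rex.line then does not come from the buffer), but that is inferred from the patch, not visible in the hunk. The enclosing regmatch() starts and ends outside the hunk, and the vim.spec hunks are a release bump, patch-list entry and changelog that need no review.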
--- a/vim.spec
+++ b/vim.spec
@@ -12,7 +12,7 @@
 Name: vim
 Epoch: 2
 Version: 8.2
-Release: 32
+Release: 33
 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License: Vim and MIT
 URL: http://www.vim.org
@@ -94,6 +94,7 @@ Patch6057: backport-CVE-2022-0943.patch
 Patch6058: backport-CVE-2021-4069.patch
 Patch6059: backport-CVE-2022-0629.patch
 Patch6060: backport-CVE-2022-1616.patch
+Patch6061: backport-CVE-2022-1154.patch
 Patch9000: bugfix-rm-modify-info-version.patch
@@ -482,6 +483,12 @@ popd
 %{_mandir}/man1/evim.*
 %changelog
+* Mon May 16 2022 shixuantong - 2:8.2-33
+- Type:CVE
+- ID:CVE-2022-1154
+- SUG:NA
+- DESC:fix CVE-2022-1154
+
 * Mon May 09 2022 shangyibin - 2:8.2-32
 - Type:CVE
 - ID:CVE-2022-1616