diff --git a/patches.suse/scsi-pm80xx-Avoid-leaking-tags-when-processing-OPC_INB_SET_CONTROLLER_CONFIG-command.patch b/patches.suse/scsi-pm80xx-Avoid-leaking-tags-when-processing-OPC_INB_SET_CONTROLLER_CONFIG-command.patch
new file mode 100644
index 0000000..2b8de78
--- /dev/null
+++ b/patches.suse/scsi-pm80xx-Avoid-leaking-tags-when-processing-OPC_INB_SET_CONTROLLER_CONFIG-command.patch
@@ -0,0 +1,38 @@
+From: Michal Grzedzicki <mge@meta.com>
+Date: Mon, 11 Sep 2023 10:03:40 -0700
+Subject: scsi: pm80xx: Avoid leaking tags when processing
+ OPC_INB_SET_CONTROLLER_CONFIG command
+Git-commit: c13e7331745852d0dd7c35eabbe181cbd5b01172
+Patch-mainline: v6.6-rc2
+References: bsc#1220883 cve-2023-52500
+
+Tags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freed
+when we receive the response.
+
+Signed-off-by: Michal Grzedzicki <mge@meta.com>
+Link: https://lore.kernel.org/r/20230911170340.699533-2-mge@meta.com
+Acked-by: Jack Wang <jinpu.wang@ionos.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Acked-by: Lee Duncan <lduncan@suse.com>
+---
+ drivers/scsi/pm8001/pm80xx_hwi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/scsi/pm8001/pm80xx_hwi.c b/drivers/scsi/pm8001/pm80xx_hwi.c
+index 1b2c40b1381c..3afd9443c425 100644
+--- a/drivers/scsi/pm8001/pm80xx_hwi.c
++++ b/drivers/scsi/pm8001/pm80xx_hwi.c
+@@ -3671,10 +3671,12 @@ static int mpi_set_controller_config_resp(struct pm8001_hba_info *pm8001_ha,
+ 			(struct set_ctrl_cfg_resp *)(piomb + 4);
+ 	u32 status = le32_to_cpu(pPayload->status);
+ 	u32 err_qlfr_pgcd = le32_to_cpu(pPayload->err_qlfr_pgcd);
++	u32 tag = le32_to_cpu(pPayload->tag);
+ 
+ 	pm8001_dbg(pm8001_ha, MSG,
+ 		   "SET CONTROLLER RESP: status 0x%x qlfr_pgcd 0x%x\n",
+ 		   status, err_qlfr_pgcd);
++	pm8001_tag_free(pm8001_ha, tag);
+ 
+ 	return 0;
+ }
+
diff --git a/series.conf b/series.conf
index 639e156..97bdd06 100644
--- a/series.conf
+++ b/series.conf
@@ -22740,6 +22740,7 @@
 	patches.suse/scsi-qla2xxx-Use-raw_smp_processor_id-instead-of-smp.patch
 	patches.suse/scsi-qla2xxx-Fix-NULL-vs-IS_ERR-bug-for-debugfs_crea.patch
 	patches.suse/scsi-qedf-Add-synchronization-between-I-O-completion.patch
+	patches.suse/scsi-pm80xx-Avoid-leaking-tags-when-processing-OPC_INB_SET_CONTROLLER_CONFIG-command.patch
 	patches.suse/scsi-lpfc-Fix-the-NULL-vs-IS_ERR-bug-for-debugfs_cre.patch
 	patches.suse/scsi-lpfc-Early-return-after-marking-final-NLP_DROPP.patch
 	patches.suse/scsi-lpfc-Prevent-use-after-free-during-rmmod-with-m.patch