diff --git a/patches.suse/SUNRPC-fix-a-memleak-in-gss_import_v2_context.patch b/patches.suse/SUNRPC-fix-a-memleak-in-gss_import_v2_context.patch
new file mode 100644
index 0000000..784b98c
--- /dev/null
+++ b/patches.suse/SUNRPC-fix-a-memleak-in-gss_import_v2_context.patch
@@ -0,0 +1,62 @@
+From: Zhipeng Lu <alexious@zju.edu.cn>
+Date: Sun, 24 Dec 2023 16:20:33 +0800
+Subject: [PATCH] SUNRPC: fix a memleak in gss_import_v2_context
+Git-commit: e67b652d8e8591d3b1e569dbcdfcee15993e91fa
+Patch-mainline: v6.9-rc1
+References: git-fixes
+
+The ctx->mech_used.data allocated by kmemdup is not freed in neither
+gss_import_v2_context nor it only caller gss_krb5_import_sec_context,
+which frees ctx on error.
+
+Thus, this patch reform the last call of gss_import_v2_context to the
+gss_krb5_import_ctx_v2, preventing the memleak while keepping the return
+formation.
+
+Fixes: 47d848077629 ("gss_krb5: handle new context format from gssd")
+Signed-off-by: Zhipeng Lu <alexious@zju.edu.cn>
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ net/sunrpc/auth_gss/gss_krb5_mech.c |   15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
++++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
+@@ -584,6 +584,7 @@ gss_import_v2_context(const void *p, con
+ 		gfp_t gfp_mask)
+ {
+ 	int keylen;
++	int ret;
+ 
+ 	p = simple_get_bytes(p, end, &ctx->flags, sizeof(ctx->flags));
+ 	if (IS_ERR(p))
+@@ -638,16 +639,22 @@ gss_import_v2_context(const void *p, con
+ 
+ 	switch (ctx->enctype) {
+ 	case ENCTYPE_DES3_CBC_RAW:
+-		return context_derive_keys_des3(ctx, gfp_mask);
++		ret = context_derive_keys_des3(ctx, gfp_mask);
++		break;
+ 	case ENCTYPE_ARCFOUR_HMAC:
+-		return context_derive_keys_rc4(ctx);
++		ret = context_derive_keys_rc4(ctx);
++		break;
+ 	case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
+ 	case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
+-		return context_derive_keys_new(ctx, gfp_mask);
++		ret = context_derive_keys_new(ctx, gfp_mask);
++		break;
+ 	default:
+-		return -EINVAL;
++		ret = -EINVAL;
+ 	}
+ 
++	if (ret)
++		kfree(ctx->mech_used.data);
++	return ret;
+ out_err:
+ 	return PTR_ERR(p);
+ }
diff --git a/series.conf b/series.conf
index 94cac11..b2faa06 100644
--- a/series.conf
+++ b/series.conf
@@ -65018,6 +65018,7 @@
 	patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch
 	patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch
 	patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch
+	patches.suse/SUNRPC-fix-a-memleak-in-gss_import_v2_context.patch
 	patches.suse/SUNRPC-fix-some-memleaks-in-gssx_dec_option_array.patch
 	patches.suse/NFSD-Reset-cb_seq_status-after-NFS4ERR_DELAY.patch
 	patches.suse/NFSD-Retransmit-callbacks-after-client-reconnects.patch