diff --git a/patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch b/patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch
new file mode 100644
index 0000000..7ba4069
--- /dev/null
+++ b/patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch
@@ -0,0 +1,64 @@
+From: Mike Christie
+Date: Tue, 17 Jan 2023 13:39:37 -0600
+Subject: scsi: iscsi_tcp: Fix UAF during login when accessing the shost
+ ipaddress
+Git-commit: f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3
+Patch-mainline: v6.2-rc6
+References: bsc#1210647 CVE-2023-2162
+
+If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails,
+userspace could be accessing the host's ipaddress attr. If we then free the
+session via iscsi_session_teardown() while userspace is still accessing the
+session we will hit a use after free bug.
+
+Set the tcp_sw_host->session after we have completed session creation and
+can no longer fail.
+
+[lduncan: hand-applied hunk3]
+
+Link: https://lore.kernel.org/r/20230117193937.21244-3-michael.christie@oracle.com
+Signed-off-by: Mike Christie
+Reviewed-by: Lee Duncan
+Acked-by: Ding Hui
+Signed-off-by: Martin K. Petersen
+Acked-by: Lee Duncan
+---
+ drivers/scsi/iscsi_tcp.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/drivers/scsi/iscsi_tcp.c
++++ b/drivers/scsi/iscsi_tcp.c
+@@ -766,7 +766,7 @@ static int iscsi_sw_tcp_host_get_param(s
+ enum iscsi_host_param param, char *buf)
+ {
+ struct iscsi_sw_tcp_host *tcp_sw_host = iscsi_host_priv(shost);
+- struct iscsi_session *session = tcp_sw_host->session;
++ struct iscsi_session *session;
+ struct iscsi_conn *conn;
+ struct iscsi_tcp_conn *tcp_conn;
+ struct iscsi_sw_tcp_conn *tcp_sw_conn;
+@@ -775,6 +775,7 @@ static int iscsi_sw_tcp_host_get_param(s
+ 
+ switch (param) {
+ case ISCSI_HOST_PARAM_IPADDRESS:
++ session = tcp_sw_host->session;
+ if (!session)
+ return -ENOTCONN;
+ 
+@@ -862,12 +863,14 @@ iscsi_sw_tcp_session_create(struct iscsi
+ if (!cls_session)
+ goto remove_host;
+ session = cls_session->dd_data;
+- tcp_sw_host = iscsi_host_priv(shost);
+- tcp_sw_host->session = session;
+ 
+ shost->can_queue = session->scsi_cmds_max;
+ if (iscsi_tcp_r2tpool_alloc(session))
+ goto remove_session;
++
++ /* We are now fully setup so expose the session to sysfs. */
++ tcp_sw_host = iscsi_host_priv(shost);
++ tcp_sw_host->session = session;
+ return cls_session;
+ 
+ remove_session:
diff --git a/series.conf b/series.conf
index 0137c49..b3477a1 100644
--- a/series.conf
+++ b/series.conf
@@ -26839,6 +26839,7 @@ patches.suse/HID-check-empty-report_list-in-hid_validate_values.patch
 patches.suse/HID-betop-check-shape-of-output-reports.patch
 patches.suse/prlimit-do_prlimit-needs-to-have-a-speculation-check.patch
+ patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch
 patches.suse/netlink-prevent-potential-spectre-v1-gadgets.patch
 patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch
 patches.suse/net-mpls-fix-stale-pointer-if-allocation-fails-durin.patch
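Review bot: The new load `session = tcp_sw_host->session;` in the ISCSI_HOST_PARAM_IPADDRESS case is still a plain, unsynchronized read, so deferring the publish in iscsi_sw_tcp_session_create() only closes the window on the r2tpool_alloc failure path; whether the pointer is cleared before the session is freed on the destroy/logout side is not visible in this patch and should be confirmed in this tree, particularly because the header notes hunk 3 was hand-applied rather than taken verbatim from f484a794e4ee. The contract that the pointer is only valid once creation can no longer fail is implicit; a one-line comment above the new load in iscsi_sw_tcp_host_get_param, `/* Published by session_create only after it can no longer fail */`, would preserve that intent for the next backporter. Minor wording in the added comment: "fully setup" should read "fully set up". Both iscsi_sw_tcp_host_get_param() and iscsi_sw_tcp_session_create() continue outside the hunks shown.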