diff --git a/SOURCES/CVE-2023-35788.patch b/SOURCES/CVE-2023-35788.patch
new file mode 100644
index 0000000..d38a811
--- /dev/null
+++ b/SOURCES/CVE-2023-35788.patch
@@ -0,0 +1,88 @@
+From 8a2f5f2c9ef2495c8e50f319ae3445c3b92e0633 Mon Sep 17 00:00:00 2001
+From: Ryan Sullivan <rysulliv@redhat.com>
+Date: Tue, 25 Jul 2023 11:39:53 -0400
+Subject: [KPATCH CVE-2023-35788] kpatch fixes for CVE-2023-35788
+
+Kernels:
+3.10.0-1160.83.1.el7
+3.10.0-1160.88.1.el7
+3.10.0-1160.90.1.el7
+3.10.0-1160.92.1.el7
+3.10.0-1160.95.1.el7
+
+
+Kpatch-MR: https://gitlab.com/redhat/prdsc/rhel/src/kpatch/rhel-7/-/merge_requests/56
+Approved-by: Joe Lawrence (@joe.lawrence)
+Changes since last build:
+arches: x86_64 ppc64le
+cls_flower.o: changed function: fl_set_geneve_opt
+---------------------------
+
+Modifications:
+adds noinline to fl_set_geneve_opt() definition to make sure that
+kpatch-build can correlate static local variables during the build
+process
+
+commit ab0aa1bec5258018fc29e01570fc30d8261b9c03
+Author: Davide Caratti <dcaratti@redhat.com>
+Date:   Mon Jun 26 15:48:59 2023 +0200
+
+    net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
+
+    Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2216982
+    Upstream Status: net.git commit 4d56304e5827
+    CVE: CVE-2023-35788
+
+    commit 4d56304e5827c8cc8cc18c75343d283af7c4825c
+    Author: Hangyu Hua <hbh25y@gmail.com>
+    Date:   Wed May 31 18:28:04 2023 +0800
+
+        net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
+
+        If we send two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets and their total
+        size is 252 bytes(key->enc_opts.len = 252) then
+        key->enc_opts.len = opt->length = data_len / 4 = 0 when the third
+        TCA_FLOWER_KEY_ENC_OPTS_GENEVE packet enters fl_set_geneve_opt. This
+        bypasses the next bounds check and results in an out-of-bounds.
+
+        Fixes: 0a6e77784f49 ("net/sched: allow flower to match tunnel options")
+        Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
+        Reviewed-by: Simon Horman <simon.horman@corigine.com>
+        Reviewed-by: Pieter Jansen van Vuuren <pieter.jansen-van-vuuren@amd.com>
+        Link: https://lore.kernel.org/r/20230531102805.27090-1-hbh25y@gmail.com
+        Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+
+    Signed-off-by: Davide Caratti <dcaratti@redhat.com>
+
+Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
+---
+ net/sched/cls_flower.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
+index 68287b05c847..dfd219bf9cca 100644
+--- a/net/sched/cls_flower.c
++++ b/net/sched/cls_flower.c
+@@ -587,7 +587,7 @@ static void fl_set_key_ip(struct nlattr **tb, bool encap,
+ 	fl_set_key_val(tb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl));
+ }
+ 
+-static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key,
++noinline static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key,
+ 			     int depth, int option_len)
+ {
+ 	struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
+@@ -598,6 +598,9 @@ static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key,
+ 	if (option_len > sizeof(struct geneve_opt))
+ 		data_len = option_len - sizeof(struct geneve_opt);
+ 
++	if (key->enc_opts.len > FLOW_DIS_TUN_OPTS_MAX - 4)
++		return -ERANGE;
++
+ 	opt = (struct geneve_opt *)&key->enc_opts.data[key->enc_opts.len];
+ 	memset(opt, 0xff, option_len);
+ 	opt->length = data_len / 4;
+-- 
+2.40.1
+
+
diff --git a/SPECS/kpatch-patch.spec b/SPECS/kpatch-patch.spec
index 659f4b6..bf59277 100644
--- a/SPECS/kpatch-patch.spec
+++ b/SPECS/kpatch-patch.spec
@@ -6,7 +6,7 @@
 %define kernel_ver	3.10.0-1160.92.1.el7
 %define kpatch_ver	0.9.2
 %define rpm_ver		1
-%define rpm_rel		1
+%define rpm_rel		2
 
 %if !%{empty_package}
 # Patch sources below. DO NOT REMOVE THIS LINE.
@@ -16,6 +16,9 @@ Source100: CVE-2022-3564.patch
 #
 # https://bugzilla.redhat.com/2196588
 Source101: CVE-2023-32233.patch
+#
+# https://bugzilla.redhat.com/2217003
+Source102: CVE-2023-35788.patch
 # End of patch sources. DO NOT REMOVE THIS LINE.
 %endif
 
@@ -150,6 +153,9 @@ It is only a method to subscribe to the kpatch stream for kernel-%{kernel_ver}.
 %endif
 
 %changelog
+* Tue Aug 15 2023 Yannick Cote <ycote@redhat.com> [1-2.el7]
+- kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() [2217003] {CVE-2023-35788}
+
 * Wed Jul 05 2023 Yannick Cote <ycote@redhat.com> [1-1.el7]
 - kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation [2196588] {CVE-2023-32233}
 - kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c [2153001] {CVE-2022-3564}