diff --git a/.gitignore b/.gitignore
index e69de29..e357dc4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/kernel-4.18.0-372.16.1.el8_6.src.rpm
+SOURCES/v0.9.6.tar.gz
diff --git a/.kpatch-patch-4_18_0-372_16_1.metadata b/.kpatch-patch-4_18_0-372_16_1.metadata
index e69de29..4b8efb6 100644
--- a/.kpatch-patch-4_18_0-372_16_1.metadata
+++ b/.kpatch-patch-4_18_0-372_16_1.metadata
@@ -0,0 +1,2 @@
+d919e94b4c3193bdf7f1cf3915575fdfb80e388c SOURCES/kernel-4.18.0-372.16.1.el8_6.src.rpm
+223c224ddd6896c467b9347ab297e3f7f013f5d7 SOURCES/v0.9.6.tar.gz
diff --git a/SOURCES/CVE-2022-32250.patch b/SOURCES/CVE-2022-32250.patch
new file mode 100644
index 0000000..e2e27f7
--- /dev/null
+++ b/SOURCES/CVE-2022-32250.patch
@@ -0,0 +1,140 @@ +From 2f9874af7248b917772c8673054118267b3be415 Mon Sep 17 00:00:00 2001 +From: Julia Denham +Date: Mon, 11 Jul 2022 08:10:32 -0400 +Subject: [KPATCH CVE-2022-32250] kpatch fixes for CVE-2022-1966 +Content-type: text/plain + +Kernels: +4.18.0-372.9.1.el8 + +Changes since last build: +arches: x86_64 ppc64le +nf_tables_api.o: changed function: nft_expr_init +nf_tables_api.o: changed function: nft_set_elem_expr_alloc +--------------------------- + +Kpatch-MR: https://gitlab.com/redhat/prdsc/rhel/src/kpatch/rhel-8/-/merge_requests/53 +Approved-by: Joe Lawrence (@joe.lawrence) +Approved-by: Yannick Cote (@ycote1) +Modifications: none + +commit afeaad78f78f7593e89f540a87b8796e8d705d57 +Author: Phil Sutter +Date: Thu Jun 2 20:58:22 2022 +0200 + + netfilter: nf_tables: disallow non-stateful expression in sets earlier + + Bugzilla: https://bugzilla.redhat.com/2092986 + CVE: CVE-2022-32250 + Y-Commit: cfb0d599ec74a88a5f02455616f96946defb849e + + O-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2092987 + Upstream Status: net.git commit 520778042ccca + O-CVE: CVE-2022-32250 + Conflicts: Upstream renamed info -> expr_info. + + commit 520778042ccca019f3ffa136dd0ca565c486cedd + Author: Pablo Neira Ayuso + Date: Wed May 25 10:36:38 2022 +0200 + + netfilter: nf_tables: disallow non-stateful expression in sets earlier + + Since 3e135cd499bf ("netfilter: nft_dynset: dynamic stateful expression + instantiation"), it is possible to attach stateful expressions to set + elements. + + cd5125d8f518 ("netfilter: nf_tables: split set destruction in deactivate + and destroy phase") introduces conditional destruction on the object to + accomodate transaction semantics. + + nft_expr_init() calls expr->ops->init() first, then check for + NFT_STATEFUL_EXPR, this stills allows to initialize a non-stateful + lookup expressions which points to a set, which might lead to UAF since + the set is not properly detached from the set->binding for this case. 
+ Anyway, this combination is non-sense from nf_tables perspective. + + This patch fixes this problem by checking for NFT_STATEFUL_EXPR before + expr->ops->init() is called. + + The reporter provides a KASAN splat and a poc reproducer (similar to + those autogenerated by syzbot to report use-after-free errors). It is + unknown to me if they are using syzbot or if they use similar automated + tool to locate the bug that they are reporting. + + For the record, this is the KASAN splat. + + [ 85.431824] ================================================================== + [ 85.432901] BUG: KASAN: use-after-free in nf_tables_bind_set+0x81b/0xa20 + [ 85.433825] Write of size 8 at addr ffff8880286f0e98 by task poc/776 + [ 85.434756] + [ 85.434999] CPU: 1 PID: 776 Comm: poc Tainted: G W 5.18.0+ #2 + [ 85.436023] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 + + Fixes: 0b2d8a7b638b ("netfilter: nf_tables: add helper functions for expression handling") + Reported-and-tested-by: Aaron Adams + Signed-off-by: Pablo Neira Ayuso + + Signed-off-by: Phil Sutter + 
Signed-off-by: Augusto Caringi + +Signed-off-by: Julia Denham +--- + net/netfilter/nf_tables_api.c | 19 ++++++++++--------- + 1 file changed, 10 insertions(+), 9 deletions(-) + +diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c +index aa095db8d0ca..097680c5f914 100644 +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -2576,27 +2576,31 @@ static struct nft_expr *nft_expr_init(const struct nft_ctx *ctx, + + err = nf_tables_expr_parse(ctx, nla, &info); + if (err < 0) +- goto err1; ++ goto err_expr_parse; ++ ++ err = -EOPNOTSUPP; ++ if (!(info.ops->type->flags & NFT_EXPR_STATEFUL)) ++ goto err_expr_stateful; + + err = -ENOMEM; + expr = kzalloc(info.ops->size, GFP_KERNEL); + if (expr == NULL) +- goto err2; ++ goto err_expr_stateful; + + err = nf_tables_newexpr(ctx, &info, expr); + if (err < 0) +- goto err3; ++ goto err_expr_new; + + return expr; +-err3: ++err_expr_new: + kfree(expr); +-err2: ++err_expr_stateful: + owner = info.ops->type->owner; + if (info.ops->type->release_ops) + info.ops->type->release_ops(info.ops); + + module_put(owner); +-err1: ++err_expr_parse: + return ERR_PTR(err); + } + +@@ -4983,9 +4987,6 @@ struct nft_expr *nft_set_elem_expr_alloc(const struct nft_ctx *ctx, + return expr; + + err = -EOPNOTSUPP; +- if (!(expr->ops->type->flags & NFT_EXPR_STATEFUL)) +- goto err_set_elem_expr; +- + if (expr->ops->type->flags & NFT_EXPR_GC) { + if (set->flags & NFT_SET_TIMEOUT) + goto err_set_elem_expr; +-- +2.26.3 + + diff --git a/SPECS/kpatch-patch.spec b/SPECS/kpatch-patch.spec index 5c58098..2627263 100644 --- a/SPECS/kpatch-patch.spec +++ b/SPECS/kpatch-patch.spec 
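Review bot: The header of the new SOURCES/CVE-2022-32250.patch is internally inconsistent: its Subject reads `[KPATCH CVE-2022-32250] kpatch fixes for CVE-2022-1966` while the file name, the `CVE:` trailer and the spec changelog all name CVE-2022-32250, and its `Kernels:` line lists 4.18.0-372.9.1.el8 whereas the spec's `kernel_ver` and the metadata file in this same commit pin 4.18.0-372.16.1.el8_6. If CVE-2022-1966 is an earlier identifier for the same bug, say so explicitly (e.g. `Subject: [KPATCH CVE-2022-32250] kpatch fixes for CVE-2022-32250 (previously tracked as CVE-2022-1966)`) and update `Kernels:` to the kernel actually built against, since anyone auditing the live patch will match on these fields. The C change itself looks right: moving the NFT_EXPR_STATEFUL test ahead of kzalloc() in nft_expr_init means a non-stateful expression is never init()'d, and the shared `err_expr_stateful` label still calls release_ops and module_put on both exit paths. Dropping the duplicate check from nft_set_elem_expr_alloc is safe only if every path into that point has already gone through nft_expr_init, which the `return expr;` context line suggests but the hunk does not show; both enclosing functions start outside the hunk.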
@@ -1,17 +1,18 @@ # Set to 1 if building an empty subscription-only package. -%define empty_package 1 +%define empty_package 0 ####################################################### # Only need to update these variables and the changelog %define kernel_ver 4.18.0-372.16.1.el8_6 %define kpatch_ver 0.9.6 -%define rpm_ver 0 -%define rpm_rel 0 +%define rpm_ver 1 +%define rpm_rel 1 %if !%{empty_package} # Patch sources below. DO NOT REMOVE THIS LINE. -Source100: XXX.patch -#Source101: YYY.patch +# +# https://bugzilla.redhat.com/2093006 +Source100: CVE-2022-32250.patch # End of patch sources. DO NOT REMOVE THIS LINE. %endif @@ -150,5 +151,8 @@ It is only a method to subscribe to the kpatch stream for kernel-%{kernel_ver}. %endif %changelog +* Thu Jul 21 2022 Joe Lawrence [1-1.el8_6] +- kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root [2093006] {CVE-2022-32250} + * Wed Jun 29 2022 Yannick Cote [0-0.el8] - An empty patch to subscribe to kpatch stream for kernel-4.18.0-372.16.1.el8_6 [2102194]