diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-1454.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-1454.patch
new file mode 100644
index 0000000000..0ef26d447f
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/files/CVE-2024-1454.patch
@@ -0,0 +1,37 @@
+From 5835f0d4f6c033bd58806d33fa546908d39825c9 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Mon, 18 Dec 2023 11:09:50 +0100
+Subject: [PATCH] authentic: Avoid use after free
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898
+
+CVE: CVE-2024-1454
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9]
+
+The original patch is adjusted to fit for the current version.
+
+Signed-off-by: Zhang Peng
+---
+ src/pkcs15init/pkcs15-authentic.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/pkcs15init/pkcs15-authentic.c b/src/pkcs15init/pkcs15-authentic.c
+index c6894dd37..adedd0a04 100644
+--- a/src/pkcs15init/pkcs15-authentic.c
++++ b/src/pkcs15init/pkcs15-authentic.c
+@@ -858,7 +858,10 @@ authentic_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card
+ rv = sc_select_file(p15card->card, &path, &file);
+ if (!rv) {
+ rv = sc_get_challenge(p15card->card, buffer, sizeof(buffer));
+- LOG_TEST_RET(ctx, rv, "Get challenge error");
++ if (rv < 0) {
++ sc_file_free(file);
++ LOG_TEST_RET(ctx, rv, "Get challenge error");
++ }
+
+ len = file->size > sizeof(buffer) ? sizeof(buffer) : file->size;
+ rv = sc_update_binary(p15card->card, 0, buffer, len, 0);
+--
+2.34.1
\ No newline at end of file
diff --git a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
index 7915d8913b..834b83d686 100644
--- a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
+++ b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
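Review bot: The added `sc_file_free(file)` in the embedded pkcs15-authentic.c hunk covers only the `sc_get_challenge` failure return, and the hunk stops at the `sc_update_binary` call, so how `file` is released on the later paths of `authentic_emu_update_tokeninfo` is not visible here; the function body continues outside the hunk. Before merging, confirm against the 0.22.0 source that every return after a successful `sc_select_file` frees `file` exactly once, because an early-return macro such as `LOG_TEST_RET` makes a missed or repeated free easy to overlook. The patch header line "The original patch is adjusted to fit for the current version." does not say what was adjusted; if only context lines moved, stating that (for example `Context refreshed for 0.22.0; no functional change from upstream.`) lets a later auditor compare the backport with the upstream commit quickly.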
@@ -23,6 +23,7 @@ SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \
 file://CVE-2023-40661-5.patch \
 file://CVE-2023-40661-6.patch \
 file://CVE-2023-40661-7.patch \
+ file://CVE-2024-1454.patch \
 "
 # CVE-2021-34193 is a duplicate CVE covering the 5 individual