diff --git a/audit.spec b/audit.spec
index 5777444..30c8d07 100644
--- a/audit.spec
+++ b/audit.spec
@@ -2,7 +2,7 @@
 Summary: User space tools for kernel auditing
 Name: audit
 Version: 4.0.3
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPL-2.0-or-later AND LGPL-2.0-or-later
 URL: https://github.com/linux-audit/audit-userspace/
 Source0: https://github.com/linux-audit/audit-userspace/archive/refs/tags/v%{version}.tar.gz
@@ -19,6 +19,7 @@ Patch3: warning-before-HALT.patch
 Patch4: TTY-hostname.patch
 Patch5: permtab-unsupport-syscalls-v1.patch
 Patch6: permtab-unsupport-syscalls-v2.patch
+Patch7: ausearch-checkpoint-race.patch
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Recommends: %{name}-rules%{?_isa} = %{version}-%{release}
@@ -112,6 +113,7 @@ The audit rules package contains the rules and utilities to load audit rules.
 %patch -P 4 -p1
 %patch -P 5 -p1
 %patch -P 6 -p1
+%patch -P 7 -p1
 cp %{SOURCE1} .
 %build
@@ -313,6 +315,10 @@ fi
 %attr(750,root,root) %{_sbindir}/audispd-zos-remote
 %changelog
+* Fri Apr 11 2025 Attila Lakatos - 4.0.3-4
+- ausearch-checkpoint race condition fix
+ Resolves: RHEL-86896
+
 * Fri Apr 04 2025 Attila Lakatos - 4.0.3-3
 - Adjust dependency between audit and audit-rules
 Resolves: RHEL-77141
diff --git a/ausearch-checkpoint-race.patch b/ausearch-checkpoint-race.patch
new file mode 100644
index 0000000..ce3e30a
--- /dev/null
+++ b/ausearch-checkpoint-race.patch
@@ -0,0 +1,35 @@
+diff --git a/src/ausearch.c b/src/ausearch.c
+index 3bf95b5a..cf77ba14 100644
+--- a/src/ausearch.c
++++ b/src/ausearch.c
+@@ -464,6 +464,17 @@ static int process_log_fd(void)
+ if ((ret != 0)||(entries->cnt == 0))
+ break;
+
++ /*
++ * If we are checkpointing, decide if we output this event.
++ * We need to do it as early as here. The chkpt_input_levent event
++ * might not match the entries, so we need to ensure that we don't
++ * skip the event that is the checkpoint event. That is the marking point
++ * from which we start outputting events. Leaving that event out will produce
++ * empty results.
++ */
++ if (checkpt_filename)
++ do_output = chkpt_output_decision(&entries->e);
++
+ /*
+ * We flush all events on the last log file being processed.
+ * Thus incomplete events are 'carried forward' to be
+@@ -471,12 +482,6 @@ static int process_log_fd(void)
+ * in the next file we are about to process.
+ */
+ if (match(entries)) {
+- /*
+- * If we are checkpointing, decide if we output
+- * this event
+- */
+- if (checkpt_filename)
+- do_output = chkpt_output_decision(&entries->e);
+
+ if (do_output == 1) {
+ found = 1;
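Review bot: The added patch file has no header: its first line is already `diff --git a/src/ausearch.c b/src/ausearch.c`, so the package records neither the upstream commit it was taken from nor the failure it fixes. The spec changelog calls this a race condition, while the comment inside the patch describes an ordering problem: when the checkpoint event itself does not pass `match()`, `chkpt_output_decision()` was never called for it and a checkpointed ausearch produced empty results, which for anyone forwarding audit logs with `--checkpoint` means events missing without an error. I would put a short header above the diff, for example `Subject: ausearch: take the checkpoint output decision before match()` and `Origin: <upstream commit URL>`, so the change can be checked against linux-audit/audit-userspace. The body of `process_log_fd()` starts and ends outside both inner hunks, so whether every event now passing through `chkpt_output_decision()` also changes what is written to the checkpoint file cannot be judged from here.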