diff --git a/kbd-2.6.4-initialize-variable.patch b/kbd-2.6.4-initialize-variable.patch
new file mode 100644
index 0000000..545b1b9
--- /dev/null
+++ b/kbd-2.6.4-initialize-variable.patch
@@ -0,0 +1,12 @@
+diff -up kbd-2.6.4/src/libkfont/setfont.c.orig kbd-2.6.4/src/libkfont/setfont.c
+--- kbd-2.6.4/src/libkfont/setfont.c.orig 2023-09-27 11:57:58.000000000 +0200
++++ kbd-2.6.4/src/libkfont/setfont.c 2024-07-29 09:45:11.476820762 +0200
+@@ -280,7 +280,7 @@ kfont_load_fonts(struct kfont_context *c
+ unsigned char *inbuf, *fontbuf, *bigfontbuf;
+ unsigned int inputlth, fontbuflth, fontsize, height, width;
+ unsigned int bigfontbuflth, bigfontsize, bigheight, bigwidth;
+- unsigned char *ptr;
++ unsigned char *ptr = NULL;
+ struct unicode_list *uclistheads;
+ struct kbdfile *fp = NULL;
+ int i;
diff --git a/kbd.spec b/kbd.spec
index b7459f6..455e938 100644
--- a/kbd.spec
+++ b/kbd.spec
@@ -5,7 +5,7 @@
 Name: kbd
 Version: 2.6.4
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Tools for configuring the console (keyboard, virtual terminals, etc.)
 License: GPL-2.0-or-later
 URL: http://www.kbd-project.org/
@@ -32,6 +32,8 @@ Patch4: kbd-1.15.5-loadkeys-search-path.patch
 Patch5: kbd-2.0.2-unicode-start-font.patch
 # Patch6: fixes issues found by static analysis
 Patch6: kbd-2.4.0-covscan-fixes.patch
+# Patch7: initializes variable (SAST)
+Patch7: kbd-2.6.4-initialize-variable.patch
 BuildRequires: gcc, bison, flex, gettext, pam-devel, check-devel, automake
 BuildRequires: console-setup, xkeyboard-config
@@ -183,6 +185,10 @@ make check
 %{kbd_datadir}/keymaps/legacy
 %changelog
+* Mon Jul 29 2024 Vitezslav Crhonek - 2.6.4-5
+- Initialize variable to avoid possible uninitialized use
+ Resolves: RHEL-40728
+
 * Mon Jun 24 2024 Troy Dawson - 2.6.4-4
 - Bump release for June 2024 mass rebuild
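Review bot: Setting `ptr` to NULL in the embedded setfont.c hunk quiets the analyser but does not show that the flagged read is safe: if kfont_load_fonts can reach a use of `ptr` before any assignment, that use now dereferences NULL instead of an indeterminate pointer, which is deterministic but still a crash in the font-loading path. The uses of `ptr` lie outside the hunk (only the declarations at the top of kfont_load_fonts are visible), so reachability cannot be judged from here. I would record the analysis next to the change, for example `unsigned char *ptr = NULL; /* SAST: never read before assignment, see RHEL-40728 */` if that is what was established, or add an explicit NULL check at the use site if it was not. The new patch file also carries no header saying what the analyser reported or whether the fix was sent upstream.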