diff --git a/0001-Prevent-icmp_socket-leak-on-error.patch b/0001-Prevent-icmp_socket-leak-on-error.patch
new file mode 100644
index 0000000..1e812a5
--- /dev/null
+++ b/0001-Prevent-icmp_socket-leak-on-error.patch
@@ -0,0 +1,32 @@
+From 7b4eda3369d937763f7076ad1098916a5973bc6a Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Tue, 27 Aug 2024 17:59:15 +0200
+Subject: [PATCH] Prevent icmp_socket leak on error
+
+---
+ packet/probe_unix.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/packet/probe_unix.c b/packet/probe_unix.c
+index 00ec7a2..7362d6d 100644
+--- a/packet/probe_unix.c
++++ b/packet/probe_unix.c
+@@ -296,6 +296,7 @@ int open_ip4_sockets_dgram(
+     }
+ #ifdef HAVE_LINUX_ERRQUEUE_H
+     if (setsockopt(icmp_socket, SOL_IP, IP_RECVERR, &val, sizeof(val)) < 0) {
++        close(icmp_socket);
+         return -1;
+     }
+ #endif
+@@ -386,6 +387,7 @@ int open_ip6_sockets_dgram(
+     }
+ #ifdef HAVE_LINUX_ERRQUEUE_H
+     if (setsockopt(icmp_socket, SOL_IPV6, IPV6_RECVERR, &val, sizeof(val)) < 0) {
++        close(icmp_socket);
+         return -1;
+     }
+ #endif
+-- 
+2.39.3 (Apple Git-146)
+
diff --git a/mtr.spec b/mtr.spec
index a4583bd..f6344c8 100644
--- a/mtr.spec
+++ b/mtr.spec
@@ -3,7 +3,7 @@
 Summary: Network diagnostic tool combining 'traceroute' and 'ping'
 Name: mtr
 Version: 0.95
-Release: 10%{?dist}
+Release: 11%{?dist}
 Epoch: 2
 License: GPL-2.0-only
 URL: https://www.bitwizard.nl/mtr/
@@ -11,6 +11,7 @@ Source0: https://github.com/traviscross/mtr/archive/v%{version}/%{name}-%{versio
 Source1: net-x%{name}.desktop
 # https://github.com/traviscross/mtr/issues/469
 Patch0: https://github.com/traviscross/mtr/commit/5908af4c19188cb17b62f23368b6ef462831a0cb.patch#/mtr-0.95-snprintf-sizes.patch
+Patch1: 0001-Prevent-icmp_socket-leak-on-error.patch
 
 BuildRequires: gcc make ncurses-devel libcap-devel jansson-devel
 BuildRequires: autoconf automake libtool git
@@ -50,6 +51,7 @@ about each machine.
 %prep
 %setup -q
 %patch0 -p1 -b .snprintf-sizes
+%patch -P1 -p1 -b .socket-leak
 
 %build
 ./bootstrap.sh
@@ -81,6 +83,9 @@ desktop-file-install --dir=%{buildroot}%{_datadir}/applications %{SOURCE1}
 %{_datadir}/applications/net-x%{name}.desktop
 
 %changelog
+* Fri Feb 14 2025 Michal Sekletar <msekleta@redhat.com> - 2:0.95-11
+- fix SAST issues (RHEL-40015)
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2:0.95-10
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018