diff --git a/0001-dix-Fix-use-after-free-in-input-device-shutdown.patch b/0001-dix-Fix-use-after-free-in-input-device-shutdown.patch
new file mode 100644
index 0000000..c2d723f
--- /dev/null
+++ b/0001-dix-Fix-use-after-free-in-input-device-shutdown.patch
@@ -0,0 +1,77 @@
+From 1801fe0ac3926882d47d7e1ad6c0518a2cdffd41 Mon Sep 17 00:00:00 2001
+From: Povilas Kanapickas <povilas@radix.lt>
+Date: Sun, 19 Dec 2021 18:11:07 +0200
+Subject: [PATCH] dix: Fix use after free in input device shutdown
+
+This fixes access to freed heap memory via dev->master. E.g. when
+running BarrierNotify.ReceivesNotifyEvents/7 test from
+xorg-integration-tests:
+
+==24736==ERROR: AddressSanitizer: heap-use-after-free on address
+0x619000065020 at pc 0x55c450e2b9cf bp 0x7fffc532fd20 sp 0x7fffc532fd10
+READ of size 4 at 0x619000065020 thread T0
+    #0 0x55c450e2b9ce in GetMaster ../../../dix/devices.c:2722
+    #1 0x55c450e9d035 in IsFloating ../../../dix/events.c:346
+    #2 0x55c4513209c6 in GetDeviceUse ../../../Xi/xiquerydevice.c:525
+../../../Xi/xichangehierarchy.c:95
+    #4 0x55c450e3455c in RemoveDevice ../../../dix/devices.c:1204
+../../../hw/xfree86/common/xf86Xinput.c:1142
+    #6 0x55c450e17b04 in CloseDeviceList ../../../dix/devices.c:1038
+    #7 0x55c450e1de85 in CloseDownDevices ../../../dix/devices.c:1068
+    #8 0x55c450e837ef in dix_main ../../../dix/main.c:302
+    #9 0x55c4517a8d93 in main ../../../dix/stubmain.c:34
+(/lib/x86_64-linux-gnu/libc.so.6+0x28564)
+    #11 0x55c450d0113d in _start (/usr/lib/xorg/Xorg+0x117713d)
+
+0x619000065020 is located 160 bytes inside of 912-byte region
+[0x619000064f80,0x619000065310)
+freed by thread T0 here:
+(/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
+    #1 0x55c450e19f1c in CloseDevice ../../../dix/devices.c:1014
+    #2 0x55c450e343a4 in RemoveDevice ../../../dix/devices.c:1186
+../../../hw/xfree86/common/xf86Xinput.c:1142
+    #4 0x55c450e17b04 in CloseDeviceList ../../../dix/devices.c:1038
+    #5 0x55c450e1de85 in CloseDownDevices ../../../dix/devices.c:1068
+    #6 0x55c450e837ef in dix_main ../../../dix/main.c:302
+    #7 0x55c4517a8d93 in main ../../../dix/stubmain.c:34
+(/lib/x86_64-linux-gnu/libc.so.6+0x28564)
+
+previously allocated by thread T0 here:
+(/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6)
+    #1 0x55c450e1c57b in AddInputDevice ../../../dix/devices.c:259
+    #2 0x55c450e34840 in AllocDevicePair ../../../dix/devices.c:2755
+    #3 0x55c45130318f in add_master ../../../Xi/xichangehierarchy.c:152
+../../../Xi/xichangehierarchy.c:465
+    #5 0x55c4512cb9f5 in ProcIDispatch ../../../Xi/extinit.c:390
+    #6 0x55c450e6a92b in Dispatch ../../../dix/dispatch.c:551
+    #7 0x55c450e834b7 in dix_main ../../../dix/main.c:272
+    #8 0x55c4517a8d93 in main ../../../dix/stubmain.c:34
+(/lib/x86_64-linux-gnu/libc.so.6+0x28564)
+
+The problem is caused by dev->master being not reset when disabling the
+device, which then causes dangling pointer when the master device itself
+is being deleted when exiting whole server.
+
+Note that RecalculateMasterButtons() requires dev->master to be still
+valid, so we can reset it only at the end of function.
+
+Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
+---
+ dix/devices.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/dix/devices.c b/dix/devices.c
+index e62c34c55..5f9ce1678 100644
+--- a/dix/devices.c
++++ b/dix/devices.c
+@@ -520,6 +520,7 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent)
+     }
+ 
+     RecalculateMasterButtons(dev);
++    dev->master = NULL;
+ 
+     return TRUE;
+ }
+-- 
+2.43.0
+
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index a30b55b..81e8f11 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -46,7 +46,7 @@
 Summary:   X.Org X11 X server
 Name:      xorg-x11-server
 Version:   1.20.14
-Release:   29%{?gitdate:.%{gitdate}}%{?dist}
+Release:   30%{?gitdate:.%{gitdate}}%{?dist}
 URL:       http://www.x.org
 # SPDX
 License:   Adobe-Display-PostScript AND BSD-3-Clause AND DEC-3-Clause AND HPND AND HPND-sell-MIT-disclaimer-xserver AND HPND-sell-variant AND ICU AND ISC AND MIT AND MIT-open-group AND NTP AND SGI-B-2.0 AND SMLNJ AND X11 AND X11-distribute-modifications-variant
@@ -170,6 +170,8 @@ Patch3820: 0007-dix-when-disabling-a-master-float-disabled-slaved-de.patch
 Patch3821: 0008-glx-Call-XACE-hooks-on-the-GLX-buffer.patch
 # CVE-2024-0409
 Patch3822: 0009-ephyr-xwayland-Use-the-proper-private-key-for-cursor.patch
+# Related to CVE-2024-21886
+Patch3823: 0001-dix-Fix-use-after-free-in-input-device-shutdown.patch
 
 BuildRequires: make
 BuildRequires: systemtap-sdt-devel
@@ -585,6 +587,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
 
 
 %changelog
+* Fri Jan 19 2024 José Expósito <jexposit@redhat.com> - 1.20.14-30
+- Fix use after free related to CVE-2024-21886
+
 * Tue Jan 16 2024 José Expósito <jexposit@redhat.com> - 1.20.14-29
 - CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886,
   CVE-2024-0408 and CVE-2024-0409