diff --git a/xen.spec b/xen.spec index 5736a89..23a7806 100644 --- a/xen.spec +++ b/xen.spec @@ -55,7 +55,7 @@ Summary: Xen is a virtual machine monitor Name: xen Version: 4.16.1 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2+ and LGPLv2+ and BSD URL: http://xen.org/ Source0: https://downloads.xenproject.org/release/xen/%{version}/xen-%{version}.tar.gz @@ -135,6 +135,7 @@ Patch67: xsa407-4.16-5.patch Patch68: xsa407-4.16-6.patch Patch69: xsa407-4.16-7.patch Patch70: xsa407-4.16-8.patch +Patch71: xsa408.patch %if %build_qemutrad @@ -371,6 +372,7 @@ manage Xen virtual machines. %patch68 -p1 %patch69 -p1 %patch70 -p1 +%patch71 -p1 # qemu-xen-traditional patches pushd tools/qemu-xen-traditional @@ -986,6 +988,10 @@ fi %endif %changelog +* Tue Jul 26 2022 Michael Young - 4.16.1-8 +- insufficient TLB flush for x86 PV guests in shadow mode [XSA-408, + CVE-2022-33745] + * Sat Jul 23 2022 Fedora Release Engineering - 4.16.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild diff --git a/xsa408.patch b/xsa408.patch new file mode 100644 index 0000000..c58193f --- /dev/null +++ b/xsa408.patch 
@@ -0,0 +1,36 @@ +From: Jan Beulich +Subject: x86/mm: correct TLB flush condition in _get_page_type() + +When this logic was moved, it was moved across the point where nx is +updated to hold the new type for the page. IOW originally it was +equivalent to using x (and perhaps x would better have been used), but +now it isn't anymore. Switch to using x, which then brings things in +line again with the slightly earlier comment there (now) talking about +transitions _from_ writable. + +I have to confess though that I cannot make a direct connection between +the reported observed behavior of guests leaving several pages around +with pending general references and the change here. Repeated testing, +nevertheless, confirms the reported issue is no longer there. + +This is CVE-2022-33745 / XSA-408. + +Reported-by: Charles Arnold +Fixes: 8cc5036bc385 ("x86/pv: Fix ABAC cmpxchg() race in _get_page_type()") +Signed-off-by: Jan Beulich +Reviewed-by: Andrew Cooper +--- +I'd be happy to update the description to actually connect things, as +long as someone can give some plausible explanation. + +--- a/xen/arch/x86/mm.c ++++ b/xen/arch/x86/mm.c +@@ -3038,7 +3038,7 @@ static int _get_page_type(struct page_in + if ( unlikely(!cpumask_empty(mask)) && + /* Shadow mode: track only writable pages. */ + (!shadow_mode_enabled(d) || +- ((nx & PGT_type_mask) == PGT_writable_page)) ) ++ ((x & PGT_type_mask) == PGT_writable_page)) ) + { + perfc_incr(need_flush_tlb_flush); + /*
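Review bot: the behavioural change is confined to the shadow-mode arm of the flush condition in the mm.c hunk at line 3038, where the test switches from `nx` (the type about to be installed) to `x` (the type the page currently holds); because `!shadow_mode_enabled(d)` short-circuits the `||`, non-shadow PV guests see no change, so the changelog's "in shadow mode" scoping is accurate. Before merging, confirm in `_get_page_type()` that `x` still holds the pre-transition type at this point while `nx` has already been rewritten, which is exactly the ordering problem the `Fixes: 8cc5036bc385` line says was introduced when the logic was moved; with that confirmed, keying the flush on `x` is what makes the code match the `/* Shadow mode: track only writable pages. */` comment and the description's "transitions _from_ writable". The description itself still says the author cannot connect this change to the reported symptom (pages left with pending general references) and offers to update it; that gap should be closed, or at least a note added that the missing flush was on the writable-to-non-writable transition, before this lands with a CVE reference attached.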
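Review bot: the spec changes are internally consistent: `Patch71: xsa408.patch` is both declared and applied, `%patch71 -p1` matches the `a/xen/arch/x86/mm.c` paths in the patch file, and the Release bump to `8%{?dist}` carries a matching changelog entry dated after the 4.16.1-7 mass-rebuild entry. One style point on the `Patch71` line: the neighbouring entries carry the branch suffix (`xsa407-4.16-8.patch`) while this one is bare `xsa408.patch`; that is fine if the file is kept verbatim as distributed for the advisory, but if it was renamed locally it would be worth aligning it with the existing naming.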