diff --git a/.passt.checksum b/.passt.checksum
index 525e07cbeeb1edcd349dfe7fad5ce9645159c3ab..1a22cc932567b40bfb35604a03da8f291a8195dc 100644
--- a/.passt.checksum
+++ b/.passt.checksum
@@ -1 +1 @@
-176700ad32d1ca16983a0e1c9b311e0c5c048e8d815f181227105c0339396b03
+a45f2813ca382bd13c464efad2076ae6e421de5c60e885594513f3afe8e97a37
diff --git a/SOURCES/0007-tcp-Don-t-reset-outbound-connection-on-SYN-retries.patch b/SOURCES/0007-tcp-Don-t-reset-outbound-connection-on-SYN-retries.patch
new file mode 100644
index 0000000000000000000000000000000000000000..44201263da3f468c2f2c01849f765a57f613437c
--- /dev/null
+++ b/SOURCES/0007-tcp-Don-t-reset-outbound-connection-on-SYN-retries.patch
@@ -0,0 +1,44 @@
+From 2d5181f7363a09b24b225b9d7c07f999a1f89e63 Mon Sep 17 00:00:00 2001
+From: Stefano Brivio <sbrivio@redhat.com>
+Date: Mon, 3 Feb 2025 08:19:16 +0100
+Subject: [PATCH] tcp: Don't reset outbound connection on SYN retries
+
+Reported by somebody on IRC: if the server has considerable latency,
+it might happen that the client retries sending SYN segments for the
+same flow while we're still in a TAP_SYN_RCVD, non-ESTABLISHED state.
+
+In that case, we should go with the blanket assumption that we need
+to reset the connection on any unexpected segment: RFC 9293 explicitly
+mentions this case in Figure 8: Recovery from Old Duplicate SYN,
+section 3.5. It doesn't make sense for us to set a specific sequence
+number, socket-side, but we should definitely wait and see.
+
+Ignoring the duplicate SYN segment should also be compatible with
+section 3.10.7.3. SYN-SENT STATE, which mentions updating sequences
+socket-side (which we can't do anyway), but certainly not reset the
+connection.
+
+Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
+Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
+(cherry picked from commit 722d347c1932f630a53ba05ea0270a651ed601b2)
+---
+ tcp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tcp.c b/tcp.c
+index bbc5687..babd02a 100644
+--- a/tcp.c
++++ b/tcp.c
+@@ -1962,6 +1962,9 @@ int tcp_tap_handler(struct ctx *c, uint8_t pif, sa_family_t af,
+
+ /* Establishing connection from tap */
+ if (conn->events & TAP_SYN_RCVD) {
++ if (th->syn && !th->ack && !th->fin)
++ return 1; /* SYN retry: ignore and keep waiting */
++
+ if (!(conn->events & TAP_SYN_ACK_SENT))
+ goto reset;
+
+--
+2.47.1
+
diff --git a/SPECS/passt.spec b/SPECS/passt.spec
index b3147e22a90eb4142c3d43d648f76f3fbf78fe48..224e848c4bfba9243e332c686178916f159c6aec 100644
--- a/SPECS/passt.spec
+++ b/SPECS/passt.spec
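Review bot: The early return added at the top of the `TAP_SYN_RCVD` branch matches on flags alone (`th->syn && !th->ack && !th->fin`), so every bare SYN for the flow is swallowed as a retry, whether or not its sequence number equals the one the handshake started with, and `th->rst` is not part of the test (RST may already be handled earlier in tcp_tap_handler, whose body starts and ends outside the hunk). It also sits above the `TAP_SYN_ACK_SENT` check, so it still applies once the SYN,ACK has been sent, where a repeated SYN more likely means the peer never received that SYN,ACK; nothing visible here re-sends it. The commit message accepts not tracking the sequence, so I would record that next to the code, for example `return 1; /* SYN retry (sequence not compared): ignore, keep waiting */`, and confirm that the handshake timeout still ends a flow whose peer only ever repeats SYNs. A debug-level log on this path would make dropped SYNs visible when diagnosing stalled connections.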
@@ -12,7 +12,7 @@ Name: passt Version: 0^20240806.gee36266 -Release: 6%{?dist} +Release: 7%{?dist} Summary: User-mode networking daemons for virtual machines and namespaces License: GPL-2.0-or-later AND BSD-3-Clause Group: System Environment/Daemons @@ -25,6 +25,7 @@ Patch3: 0003-tcp-Acknowledge-keep-alive-segments-ignore-them-for-.patch Patch4: 0004-tcp_splice-Set-again-TCP_NODELAY-on-both-sides.patch Patch5: 0005-flow-Fix-incorrect-hash-probe-in-flowside_lookup.patch Patch6: 0006-tcp-Set-ACK-flag-on-all-RST-segments-even-for-client.patch +Patch7: 0007-tcp-Don-t-reset-outbound-connection-on-SYN-retries.patch BuildRequires: gcc, make, git, checkpolicy, selinux-policy-devel Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype}) @@ -131,6 +132,9 @@ fi %{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp %changelog +* Wed Mar 12 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20240806-gee36266-7 +- Resolves: RHEL-83155 + * Tue Jan 21 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20240806-gee36266-6 - Resolves: RHEL-75645