diff --git a/debian/changelog b/debian/changelog
index e487936c5174d3ef3adc08e45b5b62fa17902002..bb30cd925fae9d80efa0f9df5df21a02423558f6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+grub2 (2.06-7) unstable; urgency=medium
+
+  [ Steve McIntyre ]
+  * Fix bug in core file code so errors are handled better. This makes
+    the fallback font-handling patch work properly.
+    Closes: #1025469, #1025477.
+
+ -- Steve McIntyre <93sam@debian.org>  Tue, 06 Dec 2022 03:14:53 +0000
+
 grub2 (2.06-6) unstable; urgency=medium
 
   [ Steve McIntyre ]
diff --git a/debian/patches/kern-file-Fix-error-handling-in-grub_file_open.patch b/debian/patches/kern-file-Fix-error-handling-in-grub_file_open.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d64c88e9e0cb9fa9836c9bc9b69cf2f015b4fdc2
--- /dev/null
+++ b/debian/patches/kern-file-Fix-error-handling-in-grub_file_open.patch
@@ -0,0 +1,37 @@
+From aee575ddefd35f0fd6592171ae48ab6a4bb27464 Mon Sep 17 00:00:00 2001
+From: Steve McIntyre <steve@einval.com>
+Date: Mon, 5 Dec 2022 23:14:10 +0000
+Subject: [PATCH] kern/file: Fix error handling in grub_file_open()
+
+grub_file_open() calls grub_file_get_device_name(), but doesn't check
+the return. Instead, it checks if grub_errno is set.
+
+However, nothing initialises grub_errno here when grub_file_open()
+starts. This means that trying to open one file that doesn't exist and
+then trying to open another file that does will (incorrectly) also
+fail to open that second file.
+
+Let's fix that.
+
+Signed-off-by: Steve McIntyre <steve@einval.com>
+---
+ grub-core/kern/file.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c
+index 8d48fd50d..668b149c3 100644
+--- a/grub-core/kern/file.c
++++ b/grub-core/kern/file.c
+@@ -66,6 +66,9 @@ grub_file_open (const char *name, enum grub_file_type type)
+   const char *file_name;
+   grub_file_filter_id_t filter;
+ 
++  /* Reset grub_errno before we start */
++  grub_errno = GRUB_ERR_NONE;
++
+   device_name = grub_file_get_device_name (name);
+   if (grub_errno)
+     goto fail;
+-- 
+2.30.2
+
diff --git a/debian/patches/series b/debian/patches/series
index 54ac44380cfb003a371feb90dc37d1d93b3f3017..8de491cc03c8ef4ec4f0836f6e800ca163284664 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -106,3 +106,4 @@ cve_2022_2601/0012-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
 cve_2022_2601/0013-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
 cve_2022_2601/0014-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
 font-Try-opening-fonts-from-the-bundled-memdisk.patch
+kern-file-Fix-error-handling-in-grub_file_open.patch