diff --git a/libvirt.spec b/libvirt.spec
index 23b97b7..b6d271d 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -101,7 +101,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 6.2.0
-Release: 21
+Release: 22
 License: LGPLv2+
 URL: https://libvirt.org/
 
@@ -156,6 +156,7 @@ Patch0043: virsh-Display-vhostuser-socket-path-in-domblklist.patch
 Patch0044: nwfilter-fix-crash-when-counting-number-of-network-f.patch
 Patch0045: qemu-Add-missing-lock-in-qemuProcessHandleMonitorEOF.patch
 Patch0046: update-the-Chinese-translation-of-nwfilter.patch
+Patch0047: virsh-Fix-off-by-one-error-in-udevListInterfacesBySt.patch
 
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -1890,6 +1891,9 @@ exit 0
 
 
 %changelog
+* Wed Apr 10 2024 caozhongwang <caozhongwang1@huawei.com>
+- vish:Fix off-by-one error in udevListInterfacesByStatus (CVE-2024-1441)
+
 * Sat Dec 10 2022 yezengruan <yezengruan@huawei.com>
 - update the Chinese translation of nwfilter
 
diff --git a/virsh-Fix-off-by-one-error-in-udevListInterfacesBySt.patch b/virsh-Fix-off-by-one-error-in-udevListInterfacesBySt.patch
new file mode 100644
index 0000000..de70e00
--- /dev/null
+++ b/virsh-Fix-off-by-one-error-in-udevListInterfacesBySt.patch
@@ -0,0 +1,39 @@
+From 001ede185f96d359481495a4016fcd0cffb2e1b0 Mon Sep 17 00:00:00 2001
+From: Martin Kletzander <mkletzan@redhat.com>
+Date: Tue, 27 Feb 2024 16:20:12 +0100
+Subject: [PATCH 6/8] virsh:Fix off-by-one error in udevListInterfacesByStatus
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ever since this function was introduced in 2012 it could've tried
+filling in an extra interface name.  That was made worse in 2019 when
+the caller functions started accepting NULL arrays of size 0.
+
+This is assigned CVE-2024-1441.
+
+Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
+Reported-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
+Fixes: 5a33366f5c0b18c93d161bd144f9f079de4ac8ca
+Fixes: d6064e2759a24e0802f363e3a810dc5a7d7ebb15
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/interface/interface_backend_udev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
+index e388f98536..dde88860d3 100644
+--- a/src/interface/interface_backend_udev.c
++++ b/src/interface/interface_backend_udev.c
+@@ -221,7 +221,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
+         virInterfaceDefPtr def;
+ 
+         /* Ensure we won't exceed the size of our array */
+-        if (count > names_len)
++        if (count >= names_len)
+             break;
+ 
+         path = udev_list_entry_get_name(dev_entry);
+-- 
+2.27.0
+