diff --git a/qemu.spec b/qemu.spec
index 80fdd6d..c4c017c 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -318,6 +318,9 @@ Patch0305: vhost-user-gpu-fix-memory-leak-in-virgl_cmd_resource.patch
 Patch0306: vhost-user-gpu-fix-memory-leak-in-virgl_resource_att.patch
 Patch0307: vhost-user-gpu-fix-memory-disclosure-in-virgl_cmd_ge.patch
 Patch0308: vhost-user-gpu-fix-OOB-write-in-virgl_cmd_get_capset.patch
+Patch0309: ide-ahci-add-check-to-avoid-null-dereference-CVE-201.patch
+Patch0310: hw-intc-arm_gic-Fix-interrupt-ID-in-GICD_SGIR-regist.patch
+Patch0311: usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch
 
 BuildRequires: flex
 BuildRequires: bison
@@ -705,6 +708,11 @@ getent passwd qemu >/dev/null || \
 %endif
 
 %changelog
+* Mon Jun 21 2021 Chen Qun <kuhn.chenqun@huawei.com>
+- ide: ahci: add check to avoid null dereference (CVE-2019-12067)
+- hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
+- usb: limit combined packets to 1 MiB (CVE-2021-3527)
+
 * Tue Jun 15 2021 Chen Qun <kuhn.chenqun@huawei.com>
 - vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544)
 - vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544)