diff --git a/CVE-2023-46049.patch b/CVE-2023-46049.patch
new file mode 100644
index 0000000000000000000000000000000000000000..fbbd3ecc84f3cb93b22dc3c132549cd843a808e6
--- /dev/null
+++ b/CVE-2023-46049.patch
@@ -0,0 +1,34 @@
+From c2515a8f2be5dd23354c9891f41ad104000f88c4 Mon Sep 17 00:00:00 2001
+From: Nikita Popov <npopov@redhat.com>
+Date: Tue, 26 Sep 2023 16:51:40 +0200
+Subject: [PATCH] [Bitcode] Add some missing GetTypeByID failure checks
+
+Print an error instead of crashing.
+
+Fixes https://github.com/llvm/llvm-project/issues/67388.
+---
+ llvm/lib/Bitcode/Reader/MetadataLoader.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/llvm/lib/Bitcode/Reader/MetadataLoader.cpp b/llvm/lib/Bitcode/Reader/MetadataLoader.cpp
+index b4b8690523244e..2b52b46a4ee5c4 100644
+--- a/llvm/lib/Bitcode/Reader/MetadataLoader.cpp
++++ b/llvm/lib/Bitcode/Reader/MetadataLoader.cpp
+@@ -1315,7 +1315,7 @@ Error MetadataLoader::MetadataLoaderImpl::parseOneMetadata(
+ 
+     unsigned TyID = Record[0];
+     Type *Ty = Callbacks.GetTypeByID(TyID);
+-    if (Ty->isMetadataTy() || Ty->isVoidTy()) {
++    if (!Ty || Ty->isMetadataTy() || Ty->isVoidTy()) {
+       dropRecord();
+       break;
+     }
+@@ -1366,7 +1366,7 @@ Error MetadataLoader::MetadataLoaderImpl::parseOneMetadata(
+ 
+     unsigned TyID = Record[0];
+     Type *Ty = Callbacks.GetTypeByID(TyID);
+-    if (Ty->isMetadataTy() || Ty->isVoidTy())
++    if (!Ty || Ty->isMetadataTy() || Ty->isVoidTy())
+       return error("Invalid record");
+ 
+     Value *V = ValueList.getValueFwdRef(Record[1], Ty, TyID,
diff --git a/llvm.spec b/llvm.spec
index dd2dee7aed2e7981c8432286ac6894d0edf4089e..53ea712c16270db696762d1318ddce6219f7f2cf 100644
--- a/llvm.spec
+++ b/llvm.spec
@@ -2,7 +2,7 @@
 
 Name:		llvm
 Version:	17.0.6
-Release:	1%{?dist}
+Release:	2%{?dist}
 Summary:	Low Level Virtual Machine, modular and reusable compiler and toolchain
 License:	Apache License v2.0 with LLVM Exceptions
 URL:		http://llvm.org
@@ -10,6 +10,9 @@ Source0:	https://github.com/llvm/llvm-project/releases/download/llvmorg-%{versio
 Source1:	https://github.com/llvm/llvm-project/releases/download/llvmorg-%{version}/cmake-%{version}.src.tar.xz
 Source2:	https://github.com/llvm/llvm-project/releases/download/llvmorg-%{version}/third-party-%{version}.src.tar.xz
 
+# https://github.com/llvm/llvm-project/commit/c2515a8f2be5dd23354c9891f41ad104000f88c4
+Patch0001:	CVE-2023-46049.patch
+
 %define maj_ver %(echo %{version} | cut -d. -f1)
 %define min_ver %(echo %{version} | cut -d. -f2)
 %define patch_ver %(echo %{version} | cut -d. -f3)
@@ -85,6 +88,7 @@ cd ..
 mv third-party-%{version}.src third-party
 
 %setup -T -q -b 0 -n llvm-%{version}.src
+%patch -P0001 -p2
 
 pathfix.py -i %{__python3} -p -n -k -as \
 	test/BugPoint/compile-custom.ll.py \
@@ -229,6 +233,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir}  %{__ninja} check-all -C %{_vpath_buildd
 %{_includedir}/llvm-gmock
 
 %changelog
+* Mon Apr 01 2024 rockerzhu <rockerzhu@tencent.com> - 17.0.6-2
+- Fix CVE-2023-46049.
+
 * Mon Dec 18 2023 luffyluo <luffyluo@tencent.com> - 17.0.6-1
 - Upgrade to version 17.0.6