diff --git a/1006-MdePkg-Fix-overflow-issue-in-BasePeC.patch b/1006-MdePkg-Fix-overflow-issue-in-BasePeC.patch
new file mode 100644
index 0000000000000000000000000000000000000000..dc5a8384534c115ea407ae0270cd464484f8b1d9
--- /dev/null
+++ b/1006-MdePkg-Fix-overflow-issue-in-BasePeC.patch
@@ -0,0 +1,32 @@
+From c95233b8525ca6828921affd1496146cff262e65 Mon Sep 17 00:00:00 2001
+From: Doug Flick
+Date: Fri, 27 Sep 2024 12:08:55 -0700
+Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
+
+The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
+also a UINT32 value. The current code does not check for overflow when
+adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
+check to ensure that the addition does not overflow.
+
+Signed-off-by: Doug Flick
+Authored-by: sriraamx gobichettipalayam
+---
+ MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+index 86ff2e769b..128090d98e 100644
+--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
++++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+@@ -1054,7 +1054,7 @@ PeCoffLoaderRelocateImage (
+ RelocDir = &Hdr.Te->DataDirectory[0];
+ }
+
+- if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
++ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
+ RelocBase = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
+ RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
+ ImageContext,
+--
+2.27.0
+
diff --git a/edk2.spec b/edk2.spec
index 7cf8e545afd26dd5feb55affc0f338c07de52ec1..87b858ed1b314fc54cd9a66afe4a4dce76351fc3 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -1,4 +1,4 @@
-%define anolis_release 14
+%define anolis_release 15
 %undefine _auto_set_build_flags
 ExclusiveArch: x86_64 aarch64 loongarch64 riscv64
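Review bot: In the PeCoffLoaderRelocateImage hunk carried by the added 1006 patch, the overflow test is folded into the same `if` that decides whether a relocation directory is present, so a directory whose VirtualAddress + Size wraps is handled exactly like an image with no relocations. The non-matching path lies outside the hunk; if it only clears RelocBase/RelocBaseEnd to skip processing, a malformed image would keep loading unrelocated instead of being rejected. I would keep the original `if ((RelocDir != NULL) && (RelocDir->Size > 0)) {` and fail closed inside it with `if (RelocDir->Size - 1 >= MAX_UINT32 - RelocDir->VirtualAddress) { ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION; return RETURN_LOAD_ERROR; }`. The subtraction form is easy to misread, so a one-line comment such as `// Reject directories where VirtualAddress + Size would exceed MAX_UINT32.` would help the next reader.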
@@ -107,6 +107,7 @@ Patch1004: 1004-OvmfPkg-AmdSev-Add-missing-module-CsvDxe.patch
 # AmdSevX64.dsc, this will enable the OVMF.amdsev.fd to support Full Disk
 # Encryption right out of the box.
 Patch1005: 1005-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch
+Patch1006: 1006-MdePkg-Fix-overflow-issue-in-BasePeC.patch
 BuildRequires: python3-devel
 BuildRequires: libuuid-devel
@@ -559,6 +560,9 @@ rm -f %{buildroot}%{_datadir}/edk2/riscv/*.raw
 %changelog
+* Tue Jun 24 2025 Qiangwei Zhang - 202402-15
+- MdePkg: Fix overflow issue in BasePeCoffLib (CVE-2024-38796)
+
 * Wed Jun 11 2025 Shangtong Guo - 202402-14
 - fix build error on riscv64