diff --git a/1094-Fix-CVE-2025-0395.patch b/1094-Fix-CVE-2025-0395.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e9ad893ce27787cd987d2af8ade3919f342466ba
--- /dev/null
+++ b/1094-Fix-CVE-2025-0395.patch
@@ -0,0 +1,57 @@
+From ed2322802744a9b10cd79e62eb016bda2d4b3716 Mon Sep 17 00:00:00 2001
+From: mgb01105731 <mgb01105731@alibaba-inc.com>
+Date: Thu, 8 May 2025 23:28:50 -0400
+Subject: [PATCH 1/1] Fix CVE-2025-0395
+
+---
+ assert/assert.c            | 4 +++-
+ sysdeps/posix/libc_fatal.c | 4 +++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/assert/assert.c b/assert/assert.c
+index b7c7a4a1..65a9fedf 100644
+--- a/assert/assert.c
++++ b/assert/assert.c
+@@ -18,6 +18,7 @@
+ #include <assert.h>
+ #include <atomic.h>
+ #include <ldsodefs.h>
++#include <libc-pointer-arith.h>
+ #include <libintl.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -64,7 +65,8 @@ __assert_fail_base (const char *fmt, const char *assertion, const char *file,
+       (void) __fxprintf (NULL, "%s", str);
+       (void) fflush (stderr);
+ 
+-      total = (total + 1 + GLRO(dl_pagesize) - 1) & ~(GLRO(dl_pagesize) - 1);
++      total = ALIGN_UP (total + sizeof (struct abort_msg_s) + 1,
++			GLRO(dl_pagesize));
+       struct abort_msg_s *buf = __mmap (NULL, total, PROT_READ | PROT_WRITE,
+ 					MAP_ANON | MAP_PRIVATE, -1, 0);
+       if (__glibc_likely (buf != MAP_FAILED))
+diff --git a/sysdeps/posix/libc_fatal.c b/sysdeps/posix/libc_fatal.c
+index 70edcc10..9ffa7428 100644
+--- a/sysdeps/posix/libc_fatal.c
++++ b/sysdeps/posix/libc_fatal.c
+@@ -20,6 +20,7 @@
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <ldsodefs.h>
++#include <libc-pointer-arith.h>
+ #include <paths.h>
+ #include <stdarg.h>
+ #include <stdbool.h>
+@@ -123,7 +124,8 @@ __libc_message (const char *fmt, ...)
+ 
+       WRITEV_FOR_FATAL (fd, iov, nlist, total);
+ 
+-      total = (total + 1 + GLRO(dl_pagesize) - 1) & ~(GLRO(dl_pagesize) - 1);
++      total = ALIGN_UP (total + sizeof (struct abort_msg_s) + 1,
++			    GLRO(dl_pagesize));
+       struct abort_msg_s *buf = __mmap (NULL, total,
+ 					PROT_READ | PROT_WRITE,
+ 					MAP_ANON | MAP_PRIVATE, -1, 0);
+-- 
+2.41.0
+
diff --git a/glibc.spec b/glibc.spec
index 8ed053aff6bb3f29ab011e19eb73815caecf82d4..90da0b2c292d36a40d6874d40abe8c3fa35f7ca3 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -1,4 +1,4 @@
-%define anolis_release 6
+%define anolis_release 7
 
 %bcond_without testsuite
 %bcond_without benchtests
@@ -111,6 +111,8 @@ Patch0192: 0092-fix-cve-2024-33599.patch
 #https://sourceware.org/git/?p=glibc.git;a=commit;h=b048a482f088e53144d26a61c390bed0210f49f2
 #https://sourceware.org/git/?p=glibc.git;a=commit;h=7835b00dbce53c3c87bbbb1754a95fb5e58187aa
 Patch0193: 0093-fix-cve-2024-33600.patch
+#https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7971add7ee4171fdd8dfd17e7c04c4ed77a18845
+Patch0194: 1094-Fix-CVE-2025-0395.patch
 
 # Part 3000 ~ 4999
 Patch3000: LoongArch-Redefine-macro-LEAF-ENTRY.patch
@@ -1114,6 +1116,9 @@ update_gconv_modules_cache ()
 %{_libdir}/libpthread_nonshared.a
 
 %changelog
+* Fri May 09 2025 mgb01105731 <mgb01105731@alibaba-inc.com> - 2.38-7
+- Add patch to fix CVE-2025-0395
+
 * Mon Jan 13 2025 yangxinyu <yangxinyu@nfschina.com> - 2.38-6
 - fix CVE-2024-33599 CVE-2024-33600