diff --git a/1094-Fix-CVE-2025-0395.patch b/1094-Fix-CVE-2025-0395.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e9ad893ce27787cd987d2af8ade3919f342466ba
--- /dev/null
+++ b/1094-Fix-CVE-2025-0395.patch
@@ -0,0 +1,57 @@
+From ed2322802744a9b10cd79e62eb016bda2d4b3716 Mon Sep 17 00:00:00 2001
+From: mgb01105731 <mgb01105731@alibaba-inc.com>
+Date: Thu, 8 May 2025 23:28:50 -0400
+Subject: [PATCH 1/1] Fix CVE-2025-0395
+
+---
+ assert/assert.c            | 4 +++-
+ sysdeps/posix/libc_fatal.c | 4 +++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/assert/assert.c b/assert/assert.c
+index b7c7a4a1..65a9fedf 100644
+--- a/assert/assert.c
++++ b/assert/assert.c
+@@ -18,6 +18,7 @@
+ #include <assert.h>
+ #include <atomic.h>
+ #include <ldsodefs.h>
++#include <libc-pointer-arith.h>
+ #include <libintl.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -64,7 +65,8 @@ __assert_fail_base (const char *fmt, const char *assertion, const char *file,
+       (void) __fxprintf (NULL, "%s", str);
+       (void) fflush (stderr);
+ 
+-      total = (total + 1 + GLRO(dl_pagesize) - 1) & ~(GLRO(dl_pagesize) - 1);
++      total = ALIGN_UP (total + sizeof (struct abort_msg_s) + 1,
++			GLRO(dl_pagesize));
+       struct abort_msg_s *buf = __mmap (NULL, total, PROT_READ | PROT_WRITE,
+ 					MAP_ANON | MAP_PRIVATE, -1, 0);
+       if (__glibc_likely (buf != MAP_FAILED))
+diff --git a/sysdeps/posix/libc_fatal.c b/sysdeps/posix/libc_fatal.c
+index 70edcc10..9ffa7428 100644
+--- a/sysdeps/posix/libc_fatal.c
++++ b/sysdeps/posix/libc_fatal.c
+@@ -20,6 +20,7 @@
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <ldsodefs.h>
++#include <libc-pointer-arith.h>
+ #include <paths.h>
+ #include <stdarg.h>
+ #include <stdbool.h>
+@@ -123,7 +124,8 @@ __libc_message (const char *fmt, ...)
+ 
+       WRITEV_FOR_FATAL (fd, iov, nlist, total);
+ 
+-      total = (total + 1 + GLRO(dl_pagesize) - 1) & ~(GLRO(dl_pagesize) - 1);
++      total = ALIGN_UP (total + sizeof (struct abort_msg_s) + 1,
++			    GLRO(dl_pagesize));
+       struct abort_msg_s *buf = __mmap (NULL, total,
+ 					PROT_READ | PROT_WRITE,
+ 					MAP_ANON | MAP_PRIVATE, -1, 0);
+-- 
+2.41.0
+
diff --git a/glibc.spec b/glibc.spec
index 5435211517611594fd630ff9648f8ce67bb260a4..2afc698d9d9258af4e5885e278800489bd9f4c56 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -1,4 +1,4 @@
-%define anolis_release 8
+%define anolis_release 9
 
 %bcond_without testsuite
 %bcond_without benchtests
@@ -106,6 +106,8 @@ Patch0190: 0090-CVE-2024-2961.patch
 # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=71af8ca864345d39b746d5cee84b94b430fad5db
 Patch0191: 0091-CVE-2024-33602.patch
 
+Patch0192: 1094-Fix-CVE-2025-0395.patch
+
 # Part 3000 ~ 4999
 Patch3000: LoongArch-Redefine-macro-LEAF-ENTRY.patch
 Patch3001: LoongArch-Add-minuimum-binutils-required-version.patch
@@ -1123,6 +1125,9 @@ update_gconv_modules_cache ()
 %{_libdir}/libpthread_nonshared.a
 
 %changelog
+* Tue May 27 2025 mgb01105731 <mgb01105731@alibaba-inc.com> - 2.38-9
+- Add patch to fix CVE-2025-0395
+
 * Thu Jan 02 2025 Peng Fan <fanpeng@loongson.cn> - 2.38-8
 - LoongArch: Force SHMLBA the same as kernel