diff --git a/0039-hw-scsi-scsi-disk-Disallow-block-sizes-smaller-than-.patch b/0039-hw-scsi-scsi-disk-Disallow-block-sizes-smaller-than-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..dbf1312cef0176f07d178735098368ce514382ca
--- /dev/null
+++ b/0039-hw-scsi-scsi-disk-Disallow-block-sizes-smaller-than-.patch
@@ -0,0 +1,44 @@
+From 7cfcc79b0ab800959716738aff9419f53fc68c9c Mon Sep 17 00:00:00 2001
+From: Thomas Huth
+Date: Mon, 25 Sep 2023 11:18:54 +0200
+Subject: [PATCH] hw/scsi/scsi-disk: Disallow block sizes smaller than 512
+ [CVE-2023-42467]
+
+We are doing things like
+
+ nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
+
+in the code here (e.g. in scsi_disk_emulate_mode_sense()), so if
+the blocksize is smaller than BDRV_SECTOR_SIZE (=512), this crashes
+with a division by 0 exception. Thus disallow block sizes of 256
+bytes to avoid this situation.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1813
+CVE: 2023-42467
+Signed-off-by: Thomas Huth
+Message-ID: <20230925091854.49198-1-thuth@redhat.com>
+Signed-off-by: Paolo Bonzini
+---
+ hw/scsi/scsi-disk.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
+index e0d79c7966..477ee2bcd4 100644
+--- a/hw/scsi/scsi-disk.c
++++ b/hw/scsi/scsi-disk.c
+@@ -1628,9 +1628,10 @@ static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
+ * Since the existing code only checks/updates bits 8-15 of the block
+ * size, restrict ourselves to the same requirement for now to ensure
+ * that a block size set by a block descriptor and then read back by
+- * a subsequent SCSI command will be the same
++ * a subsequent SCSI command will be the same. Also disallow a block
++ * size of 256 since we cannot handle anything below BDRV_SECTOR_SIZE.
+ */
+- if (bs && !(bs & ~0xff00) && bs != s->qdev.blocksize) {
++ if (bs && !(bs & ~0xfe00) && bs != s->qdev.blocksize) {
+ s->qdev.blocksize = bs;
+ trace_scsi_disk_mode_select_set_blocksize(s->qdev.blocksize);
+ }
+-- 
+2.39.3
+
diff --git a/qemu.spec b/qemu.spec
index 1a775f7945fc1d2ba62ddda0eb36063e84ff429d..b18017fc630d8b755d4a8e15932267d40f57a072 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -1,4 +1,4 @@
-%define anolis_release 15
+%define anolis_release 16
 %bcond_with check
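Review bot: The comment introduced next to the new mask understates what `!(bs & ~0xfe00)` now rejects: dropping bit 8 from the accepted set refuses every block size with that bit set, so besides 256 the check also turns away 768 (0x300), 1280 (0x500) and the other odd multiples of 256 that the old `0xff00` mask let through, leaving exactly the multiples of 512 up to 0xfe00. That is the right outcome for the division-by-zero the commit message describes, but the wording "disallow a block size of 256" will surprise whoever later tries to explain a rejected 768. Because this file carries an upstream commit verbatim I would not edit its body, but if it is ever re-spun, `* size that is not a multiple of 512 (so 256, 768, ...) since we cannot handle` followed by `* anything below BDRV_SECTOR_SIZE.` describes the check exactly. The guard covers only the MODE SELECT path; whether any other route in the tree this is applied to can leave `s->qdev.blocksize` below 512 is not visible here and is worth confirming. scsi_disk_emulate_mode_select begins and ends outside the hunk.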
@@ -358,6 +358,8 @@ Patch1050: 1050-target-i386-Add-new-Hygon-Dharma-CPU-model.patch
 # Fix CVE-2024-3446
 # https://github.com/qemu/qemu/commit/ba28e0ff4d95b56dc334aac2730ab3651ffc3132
 Patch0038: 0038-hw-display-virtio-gpu-Protect-from-DMA-re-entrancy-b.patch
+# https://gitlab.com/qemu-project/qemu/-/commit/7cfcc79b0ab800959716738aff9419f53fc68c9c
+Patch0039: 0039-hw-scsi-scsi-disk-Disallow-block-sizes-smaller-than-.patch
 ExclusiveArch: x86_64 aarch64 loongarch64
@@ -1921,6 +1923,9 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 %endif
 %changelog
+* Thu Jun 27 2024 Chang Gao -2.8.2.0-16
+- Fix 2023-42467
+
 * Wed May 29 2024 Chang Gao -2.8.2.0-15
 - Fix CVE-2024-3446
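Review bot: The new Patch0039 entry carries only the upstream commit URL, while the Patch0038 block directly above it leads with `# Fix CVE-2024-3446`; the CVE identifier is what security scanners and auditors grep a spec for, so add `# Fix CVE-2023-42467` above the `# https://gitlab.com/...` line to keep the two entries parallel. The same label slip recurs in the changelog hunk at @@ -1921, where `- Fix 2023-42467` drops the `CVE-` prefix the previous entry uses; `- Fix CVE-2023-42467` keeps that list searchable by the full identifier too.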