diff --git a/SOURCES/1001-i386-cpu-Clear-FEAT_XSAVE_XSS_LO-HI-leafs-when-CPUID.patch b/SOURCES/1001-i386-cpu-Clear-FEAT_XSAVE_XSS_LO-HI-leafs-when-CPUID.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ae30107a210772e659853b2f5ba0c3696d39446a
--- /dev/null
+++ b/SOURCES/1001-i386-cpu-Clear-FEAT_XSAVE_XSS_LO-HI-leafs-when-CPUID.patch
@@ -0,0 +1,41 @@
+From 1da6a28dfaafbee13e8f9f8ea9cfd5c2c1fbfe38 Mon Sep 17 00:00:00 2001
+From: Xiaoyao Li <xiaoyao.li@intel.com>
+Date: Mon, 15 Jan 2024 04:13:24 -0500
+Subject: [PATCH 1001/1004] i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when
+ CPUID_EXT_XSAVE is not available
+
+commit 81f5cad3858f27623b1b14467926032d229b76cc upstream.
+
+Leaf FEAT_XSAVE_XSS_LO and FEAT_XSAVE_XSS_HI also need to be cleared
+when CPUID_EXT_XSAVE is not set.
+
+Intel-SIG: commit 81f5cad3858f i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available
+Backport i386/cpu fixes
+
+Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
+Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
+Reviewed-by: Yang Weijiang <weijiang.yang@intel.com>
+Message-ID: <20240115091325.1904229-2-xiaoyao.li@intel.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Jason Zeng <jason.zeng@intel.com>
+---
+ target/i386/cpu.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index cd16cb893daf..8b9ef218d3df 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -6927,6 +6927,8 @@ static void x86_cpu_enable_xsave_components(X86CPU *cpu)
+     if (!(env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE)) {
+         env->features[FEAT_XSAVE_XCR0_LO] = 0;
+         env->features[FEAT_XSAVE_XCR0_HI] = 0;
++        env->features[FEAT_XSAVE_XSS_LO] = 0;
++        env->features[FEAT_XSAVE_XSS_HI] = 0;
+         return;
+     }
+ 
+-- 
+2.43.2
+
diff --git a/SOURCES/1002-i386-cpu-Mask-with-XCR0-XSS-mask-for-FEAT_XSAVE_XCR0.patch b/SOURCES/1002-i386-cpu-Mask-with-XCR0-XSS-mask-for-FEAT_XSAVE_XCR0.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f8d5c5345a30d13231aa83ec49127ac9df459cc1
--- /dev/null
+++ b/SOURCES/1002-i386-cpu-Mask-with-XCR0-XSS-mask-for-FEAT_XSAVE_XCR0.patch
@@ -0,0 +1,45 @@
+From b9aee7674139c6e14437eea9335c1c09103d388a Mon Sep 17 00:00:00 2001
+From: Xiaoyao Li <xiaoyao.li@intel.com>
+Date: Mon, 15 Jan 2024 04:13:25 -0500
+Subject: [PATCH 1002/1004] i386/cpu: Mask with XCR0/XSS mask for
+ FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs
+
+commit a11a365159b944e05be76f3ec3b98c8b38cb70fd upstream.
+
+The value of FEAT_XSAVE_XCR0_HI leaf and FEAT_XSAVE_XSS_HI leaf also
+need to be masked by XCR0 and XSS mask respectively, to make it
+logically correct.
+
+Intel-SIG: commit a11a365159b9 i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs
+Backport i386/cpu fixes
+
+Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
+Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
+Reviewed-by: Yang Weijiang <weijiang.yang@intel.com>
+Message-ID: <20240115091325.1904229-3-xiaoyao.li@intel.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Jason Zeng <jason.zeng@intel.com>
+---
+ target/i386/cpu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 8b9ef218d3df..a66e5a357b19 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -6947,9 +6947,9 @@ static void x86_cpu_enable_xsave_components(X86CPU *cpu)
+     }
+ 
+     env->features[FEAT_XSAVE_XCR0_LO] = mask & CPUID_XSTATE_XCR0_MASK;
+-    env->features[FEAT_XSAVE_XCR0_HI] = mask >> 32;
++    env->features[FEAT_XSAVE_XCR0_HI] = (mask & CPUID_XSTATE_XCR0_MASK) >> 32;
+     env->features[FEAT_XSAVE_XSS_LO] = mask & CPUID_XSTATE_XSS_MASK;
+-    env->features[FEAT_XSAVE_XSS_HI] = mask >> 32;
++    env->features[FEAT_XSAVE_XSS_HI] = (mask & CPUID_XSTATE_XSS_MASK) >> 32;
+ }
+ 
+ /***** Steps involved on loading and filtering CPUID data
+-- 
+2.43.2
+
diff --git a/SOURCES/1003-i386-cpuid-Decrease-cpuid_i-when-skipping-CPUID-leaf.patch b/SOURCES/1003-i386-cpuid-Decrease-cpuid_i-when-skipping-CPUID-leaf.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f01f90aee42d57628b911f5ff44ddbf671fb5595
--- /dev/null
+++ b/SOURCES/1003-i386-cpuid-Decrease-cpuid_i-when-skipping-CPUID-leaf.patch
@@ -0,0 +1,42 @@
+From 62a5f724b2d46fc0ec32f41072edc8c44827afdf Mon Sep 17 00:00:00 2001
+From: Xiaoyao Li <xiaoyao.li@intel.com>
+Date: Wed, 24 Jan 2024 21:40:14 -0500
+Subject: [PATCH 1003/1004] i386/cpuid: Decrease cpuid_i when skipping CPUID
+ leaf 1F
+
+commit 10f92799af8ba3c3cef2352adcd4780f13fbab31 upstream.
+
+Existing code misses a decrement of cpuid_i when skip leaf 0x1F.
+There's a blank CPUID entry(with leaf, subleaf as 0, and all fields
+stuffed 0s) left in the CPUID array.
+
+It conflicts with correct CPUID leaf 0.
+
+Intel-SIG: commit 10f92799af8b i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F
+Backport i386/cpuid fixes
+
+Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
+Reviewed-by:Yang Weijiang <weijiang.yang@intel.com>
+Message-ID: <20240125024016.2521244-2-xiaoyao.li@intel.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Jason Zeng <jason.zeng@intel.com>
+---
+ target/i386/kvm/kvm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
+index 4ce80555b45c..e68eb8f5e6b0 100644
+--- a/target/i386/kvm/kvm.c
++++ b/target/i386/kvm/kvm.c
+@@ -1914,6 +1914,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
+         }
+         case 0x1f:
+             if (env->nr_dies < 2) {
++                cpuid_i--;
+                 break;
+             }
+             /* fallthrough */
+-- 
+2.43.2
+
diff --git a/SOURCES/1004-i386-cpuid-Move-leaf-7-to-correct-group.patch b/SOURCES/1004-i386-cpuid-Move-leaf-7-to-correct-group.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4f0f5ef7bb4644a295fc9287dbcd681a39a1f521
--- /dev/null
+++ b/SOURCES/1004-i386-cpuid-Move-leaf-7-to-correct-group.patch
@@ -0,0 +1,53 @@
+From 555ebd23284b31f99cbbc9284ac4d62b7eaa8ebd Mon Sep 17 00:00:00 2001
+From: Xiaoyao Li <xiaoyao.li@intel.com>
+Date: Wed, 24 Jan 2024 21:40:16 -0500
+Subject: [PATCH 1004/1004] i386/cpuid: Move leaf 7 to correct group
+
+commit 0729857c707535847d7fe31d3d91eb8b2a118e3c upstream.
+
+CPUID leaf 7 was grouped together with SGX leaf 0x12 by commit
+b9edbadefb9e ("i386: Propagate SGX CPUID sub-leafs to KVM") by mistake.
+
+SGX leaf 0x12 has its specific logic to check if subleaf (starting from 2)
+is valid or not by checking the bit 0:3 of corresponding EAX is 1 or
+not.
+
+Leaf 7 follows the logic that EAX of subleaf 0 enumerates the maximum
+valid subleaf.
+
+Intel-SIG: commit 0729857c7075 i386/cpuid: Move leaf 7 to correct group
+Backport i386/cpu fixes
+
+Fixes: b9edbadefb9e ("i386: Propagate SGX CPUID sub-leafs to KVM")
+Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
+Message-ID: <20240125024016.2521244-4-xiaoyao.li@intel.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Jason Zeng <jason.zeng@intel.com>
+---
+ target/i386/kvm/kvm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
+index e68eb8f5e6b0..a0bc9ea7b192 100644
+--- a/target/i386/kvm/kvm.c
++++ b/target/i386/kvm/kvm.c
+@@ -1955,7 +1955,6 @@ int kvm_arch_init_vcpu(CPUState *cs)
+                 c = &cpuid_data.entries[cpuid_i++];
+             }
+             break;
+-        case 0x7:
+         case 0x12:
+             for (j = 0; ; j++) {
+                 c->function = i;
+@@ -1975,6 +1974,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
+                 c = &cpuid_data.entries[cpuid_i++];
+             }
+             break;
++        case 0x7:
+         case 0x14:
+         case 0x1d:
+         case 0x1e: {
+-- 
+2.43.2
+
diff --git a/SPECS/qemu.spec b/SPECS/qemu.spec
index e58992aab24c572e06f07f013ac240fbf32c5451..f3c48ebbb21ba9fc8ec82f48c28bbdc471f02cf6 100644
--- a/SPECS/qemu.spec
+++ b/SPECS/qemu.spec
@@ -152,6 +152,12 @@ Patch0008: CVE-2023-5088.patch
 # CVE-2023-3301
 # https://github.com/qemu/qemu/commit/a0d7215e339b61c7d7a7b3fcf754954d80d93eb8
 
+# i386/cpu fixes
+Patch1001: 1001-i386-cpu-Clear-FEAT_XSAVE_XSS_LO-HI-leafs-when-CPUID.patch
+Patch1002: 1002-i386-cpu-Mask-with-XCR0-XSS-mask-for-FEAT_XSAVE_XCR0.patch
+Patch1003: 1003-i386-cpuid-Decrease-cpuid_i-when-skipping-CPUID-leaf.patch
+Patch1004: 1004-i386-cpuid-Move-leaf-7-to-correct-group.patch
+
 BuildRequires: meson >= %{meson_version}
 BuildRequires: zlib-devel
 BuildRequires: glib2-devel