diff --git a/CVE-2023-49100.patch b/CVE-2023-49100.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0afed3b030641fe7c4aa954d41766ea67d111063
--- /dev/null
+++ b/CVE-2023-49100.patch
@@ -0,0 +1,37 @@
+From a7eff3477dcf3624c74f5217419b1a27b7ebd2aa Mon Sep 17 00:00:00 2001
+From: Manish Pandey <manish.pandey2@arm.com>
+Date: Thu, 26 Oct 2023 11:14:21 +0100
+Subject: fix(sdei): ensure that interrupt ID is valid
+
+As per SDEI spec (section 5.1.14.1), SDEI_INTERRUPT_BIND interface
+expects a valid PPI or SPI. SGI's are not allowed to be bounded.
+Current check in the code only checks for an SGI and returns invalid
+ID. This check is insufficient as it will not catch architecturally
+invalid interrupt IDs.
+
+Modify the check to ensure that interrupt is either PPI or SPI.
+
+Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
+Change-Id: I52eb0a6d7f88a12f6816cff9b68fb3a7ca12cbb7
+---
+ services/std_svc/sdei/sdei_main.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/services/std_svc/sdei/sdei_main.c b/services/std_svc/sdei/sdei_main.c
+index 44178eddd3..0fd3c1d32c 100644
+--- a/services/std_svc/sdei/sdei_main.c
++++ b/services/std_svc/sdei/sdei_main.c
+@@ -710,8 +710,8 @@ static int sdei_interrupt_bind(unsigned int intr_num)
+ 	sdei_ev_map_t *map;
+ 	bool retry = true, shared_mapping;
+ 
+-	/* SGIs are not allowed to be bound */
+-	if (plat_ic_is_sgi(intr_num) != 0)
++	/* Interrupt must be either PPI or SPI */
++	if (!(plat_ic_is_ppi(intr_num) || plat_ic_is_spi(intr_num)))
+ 		return SDEI_EINVAL;
+ 
+ 	shared_mapping = (plat_ic_is_spi(intr_num) != 0);
+-- 
+cgit v1.2.3
+
diff --git a/arm-trusted-firmware.spec b/arm-trusted-firmware.spec
index 9628a4023f224f6297bda8f72dabf9db7c6ce8fe..77bc94b328db99b993c672241750c54244f1066a 100644
--- a/arm-trusted-firmware.spec
+++ b/arm-trusted-firmware.spec
@@ -2,7 +2,7 @@
 
 Name:          arm-trusted-firmware
 Version:       2.3
-Release:       3
+Release:       4
 Summary:       ARM Trusted Firmware
 License:       BSD
 URL:           https://github.com/ARM-software/arm-trusted-firmware/wiki
@@ -15,6 +15,8 @@ Patch0001:     CVE-2022-47630-2.patch
 Patch0002:     CVE-2022-47630-3.patch
 # https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=abb8f936fd0ad085
 Patch0003:     CVE-2022-47630-4.patch
+# https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=a7eff3477dcf3624
+Patch0004:     CVE-2023-49100.patch
 ExclusiveArch: aarch64
 BuildRequires: dtc
 
@@ -69,6 +71,9 @@ strip %{buildroot}/%{_datadir}/%{name}/rk3368/bl31.elf
 %{_datadir}/%{name}
 
 %changelog
+* Tue Jan 23 2024 yaoxin <yao_xin001@hoperun.com> - 2.3-4
+- Fix CVE-2023-49100
+
 * Fri Dec 01 2023 yaoxin <yao_xin001@hoperun.com> - 2.3-3
 - Fix CVE-2022-47630