diff --git a/backport-CVE-2022-38126.patch b/backport-CVE-2022-38126.patch
new file mode 100644
index 0000000000000000000000000000000000000000..21000dab27c1e4801697c77897747afeb7102b3c
--- /dev/null
+++ b/backport-CVE-2022-38126.patch
@@ -0,0 +1,34 @@
+From 753efb93dc018558c483111fbfe14c4ee8c84c51 Mon Sep 17 00:00:00 2001
+From: yinyongkang
+Date: Thu, 8 Sep 2022 17:14:11 +0800
+Subject: [PATCH] Replace a run-time assertion failure with a warning message
+ when parsing corrupt...
+
+PR 29289
+* dwarf.c (display_debug_names): Replace assert with a warning
+message.
+---
+ binutils/dwarf.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index 1e7f4db7..7c54820a 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -9781,7 +9781,12 @@ display_debug_names (struct dwarf_section *section, void *file)
+ printf (_("Out of %lu items there are %zu bucket clashes"
+ " (longest of %zu entries).\n"),
+ (unsigned long) name_count, hash_clash_count, longest_clash);
+- assert (name_count == buckets_filled + hash_clash_count);
++
++ if (name_count != buckets_filled + hash_clash_count)
++ warn (_("The name_count (%lu) is not the same as the used bucket_count (%lu) + the hash clash count (%lu)"),
++ (unsigned long) name_count,
++ (unsigned long) buckets_filled,
++ (unsigned long) hash_clash_count);
+
+ struct abbrev_lookup_entry
+ {
+--
+2.33.0
+
diff --git a/backport-CVE-2022-38533.patch b/backport-CVE-2022-38533.patch
new file mode 100644
index 0000000000000000000000000000000000000000..31f667277048f97c9c1b18162687b68b37eca862
--- /dev/null
+++ b/backport-CVE-2022-38533.patch
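Review bot: After the new `warn` in display_debug_names the function carries on with `name_count`, `buckets_filled` and `hash_clash_count` already known to disagree, so the rest of the routine is now reachable on input that used to stop at the `assert`. The body continues outside the hunk, so whether the later code is bounded independently of these counts should be checked against the 2.34 source rather than assumed from upstream. A short comment above the check would record the intent, for example `/* Corrupt name table: report and keep dumping; code below must not rely on this invariant. */`. The message also says "used bucket_count" while the value printed is `buckets_filled`, which makes the warning harder to match to the code.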
@@ -0,0 +1,33 @@
+From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Sat, 13 Aug 2022 15:32:47 +0930
+Subject: [PATCH] PR29482 - strip: heap-buffer-overflow
+
+ PR 29482
+ * coffcode.h (coff_set_section_contents): Sanity check _LIB.
+---
+ bfd/coffcode.h | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/coffcode.h b/bfd/coffcode.h
+index 67aaf158ca1..52027981c3f 100644
+--- a/bfd/coffcode.h
++++ b/bfd/coffcode.h
+@@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd,
+
+ rec = (bfd_byte *) location;
+ recend = rec + count;
+- while (rec < recend)
++ while (recend - rec >= 4)
+ {
++ size_t len = bfd_get_32 (abfd, rec);
++ if (len == 0 || len > (size_t) (recend - rec) / 4)
++ break;
++ rec += len * 4;
+ ++section->lma;
+- rec += bfd_get_32 (abfd, rec) * 4;
+ }
+
+ BFD_ASSERT (rec == recend);
+--
+2.39.3
\ No newline at end of file
diff --git a/backport-CVE-2025-7546.patch b/backport-CVE-2025-7546.patch
new file mode 100644
index 0000000000000000000000000000000000000000..49a4658aa8515b6c6e4d2148a528e7638102146b
--- /dev/null
+++ b/backport-CVE-2025-7546.patch
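Review bot: A malformed record length now leaves the loop through `break`, and the only thing that reports it is the unchanged `BFD_ASSERT (rec == recend)` after the loop; as far as I know BFD_ASSERT prints a diagnostic and continues, so coff_set_section_contents would go on to write a section whose `section->lma` holds a partial count. Trailing bytes shorter than 4 end the loop the same way. If this path should fail the write, an explicit check is clearer: `if (rec != recend) { bfd_set_error (bfd_error_bad_value); return FALSE; }`, assuming the function returns bfd_boolean in this tree (its signature and the rest of its body are outside the hunk). The bound itself, `len > (size_t) (recend - rec) / 4`, keeps `len * 4` from overflowing and from stepping past `recend`.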
@@ -0,0 +1,42 @@
+From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Sat, 21 Jun 2025 06:52:00 +0800
+Subject: [PATCH 1/1] elf: Report corrupted group section
+
+Report corrupted group section instead of trying to recover.
+
+ PR binutils/33050
+ * elf.c (bfd_elf_set_group_contents): Report corrupted group
+ section.
+
+Signed-off-by: H.J. Lu
+---
+ bfd/elf.c | 23 ++++++++++-------------
+ 1 file changed, 10 insertions(+), 13 deletions(-)
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index 14ce15c7254..ee894eb05f2 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -3971,8 +3971,18 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg)
+ break;
+ }
+
++ /* We should always get here with loc == sec->contents + 4. Return
++ an error for bogus SHT_GROUP sections. */
+ loc -= 4;
+- BFD_ASSERT (loc == sec->contents);
++ if (loc != sec->contents)
++ {
++ /* xgettext:c-format */
++ _bfd_error_handler (_("%pB: corrupted group section: `%pA'"),
++ abfd, sec);
++ bfd_set_error (bfd_error_bad_value);
++ *failedptr = TRUE;
++ return;
++ }
+
+ H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
+ }
+--
+2.43.7
diff --git a/binutils.spec b/binutils.spec
index 96bc28394c110da738101f5549078b077bdf6ace..baa41f9ddc6a43e53f722375e48db49f41dff892 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -1,7 +1,7 @@
 Summary: Binary utilities
 Name: binutils
 Version: 2.34
-Release: 37
+Release: 38
 License: GPLv3+
 URL: https://sourceware.org/binutils
@@ -71,7 +71,10 @@ Patch56: backport-CVE-2025-0840.patch
 Patch57: backport-CVE-2025-3198.patch
 Patch58: backport-CVE-2025-5244.patch
 Patch59: backport-CVE-2025-5245.patch
-Patch60: backport-CVE-2025-7545.patch
+Patch60: backport-CVE-2025-7545.patch
+Patch61: backport-CVE-2022-38126.patch
+Patch62: backport-CVE-2022-38533.patch
+Patch63: backport-CVE-2025-7546.patch
 Provides: bundled(libiberty)
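Review bot: The new `loc != sec->contents` test in bfd_elf_set_group_contents runs only after the loop above it has finished storing group members, so it detects an overrun after the fact; if that loop (outside the hunk) does not itself stop when `loc` reaches `sec->contents`, the out-of-range stores have already happened by the time the error is reported. Please confirm against the 2.34 loop that each store is bounded, or add the bound there. The embedded diffstat (10 insertions, 13 deletions) does not match this hunk (`-3971,8 +3971,18`, one line removed), which suggests the upstream change was adapted by hand for this tree, so the surrounding code is worth comparing with upstream. `failedptr` is not declared in the hunk; it is presumably the local cast of `failedptrarg`.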
@@ -326,6 +329,9 @@ fi
 %{_infodir}/bfd*info*
 %changelog
+* Fri Aug 29 2025 eastb233 - 2.34-38
+- Fix CVE-2022-38126, CVE-2022-38533, CVE-2025-7546
+
 * Wed Aug 20 2025 Yu Peng - 2.34-37
 - Fix CVE-2025-7545:objcopy: Don't extend the output section size