diff --git a/backport-CVE-2021-3588.patch b/backport-CVE-2021-3588.patch
new file mode 100644
index 0000000000000000000000000000000000000000..797613978d73f190a0cb7b4aaef38773c87eaa0f
--- /dev/null
+++ b/backport-CVE-2021-3588.patch
@@ -0,0 +1,33 @@
+From 9e6889d3b9d8f4dcc1ba57e6345d1efb2fbe1e77 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz
+Date: Mon, 4 Jan 2021 10:41:53 -0800
+Subject: [PATCH] gatt: Fix potential buffer out-of-bound
+
+When client features is read check if the offset is within the cli_feat
+bounds.
+
+Fixes: https://github.com/bluez/bluez/issues/70
+
+---
+ src/gatt-database.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/gatt-database.c b/src/gatt-database.c
+index c11d14b..a6530ba 100644
+--- a/src/gatt-database.c
++++ b/src/gatt-database.c
+@@ -1082,6 +1082,11 @@ static void cli_feat_read_cb(struct gatt_db_attribute *attrib,
+ goto done;
+ }
+ 
++ if (offset >= sizeof(state->cli_feat)) {
++ ecode = BT_ATT_ERROR_INVALID_OFFSET;
++ goto done;
++ }
++
+ len = sizeof(state->cli_feat) - offset;
+ value = len ? &state->cli_feat[offset] : NULL;
+ 
+--
+2.23.0
+
diff --git a/bluez.spec b/bluez.spec
index 4419b5ee5fbdb24ff97a3a19e6756f809cb1c287..1702a8097b59365498fb66cee5a98526e4335587 100644
--- a/bluez.spec
+++ b/bluez.spec
@@ -1,7 +1,7 @@
 Name: bluez
 Summary: Bluetooth utilities
 Version: 5.54
-Release: 1
+Release: 2
 License: GPLv2+
 URL: http://www.bluez.org/
 Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
@@ -16,6 +16,7 @@
 Patch0002: 0001-build-Always-define-confdir-and-statedir.patch
 Patch0003: 0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
 Patch0004: 0003-systemd-Add-more-filesystem-lockdown.patch
 Patch0005: 0004-systemd-More-lockdown.patch
+Patch0006: backport-CVE-2021-3588.patch
 BuildRequires: dbus-devel >= 1.6 libell-devel >= 0.28 autoconf
 BuildRequires: git-core glib2-devel libical-devel readline-devel
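Review bot: The added guard in the nested gatt-database.c hunk uses `>=`, which turns a read at offset == sizeof(state->cli_feat) into BT_ATT_ERROR_INVALID_OFFSET, while the two lines that follow (`len = sizeof(state->cli_feat) - offset;` and `value = len ? &state->cli_feat[offset] : NULL;`) were written to answer exactly that case with an empty value, so the NULL branch of the ternary is now unreachable. If the only goal is to stop the out-of-bound index that CVE-2021-3588 describes, `if (offset > sizeof(state->cli_feat)) {` keeps the zero-length read (which, as far as I recall, is what the ATT Read Blob rules expect for offset equal to the value length) and still prevents `&state->cli_feat[offset]` from ever pointing past the array; if rejecting the equal case is deliberate, a one-line comment saying so and removal of the dead `: NULL` branch would make the intent clear to the next backporter. Either way this is a backport of an upstream commit, so any deviation should be recorded in the patch header rather than silently. cli_feat_read_cb starts and ends outside the hunk, so whether offset can be out of range on any earlier path is not visible here.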
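Review bot: Patch0006 is declared in the -16,6 hunk but nothing in view applies it; unless %prep uses %autosetup or %autopatch (the %prep section is not part of this diff), a matching `%patch0006 -p1` line is needed, otherwise the backport is listed, the Release is bumped and the changelog claims the CVE is fixed, yet the built package still carries the unguarded cli_feat_read_cb. The embedded patch uses a/src/gatt-database.c paths, so -p1 is the correct strip level if an explicit %patch line has to be added.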
@@ -172,6 +173,12 @@ make check
 %{_mandir}/man8/*
 %changelog
+* Sat Jun 26 2021 zhanzhimin - 5.54-2
+- Type:CVE
+- ID:CVE-2021-3588
+- SUG:NA
+- DESC:fix CVE-2021-3588
+
 * Sat Aug 29 2020 jinzhimin - 5.54-1
 - update to 5.54