diff --git a/backport-CVE-2021-42386.patch b/backport-CVE-2021-42386.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f275ad6d75e1881fff492e750df9e1cbcf1f79ed
--- /dev/null
+++ b/backport-CVE-2021-42386.patch
@@ -0,0 +1,121 @@
+From 6c4b56a32ae6b0eef673cbb97f49af639b4a5243 Mon Sep 17 00:00:00 2001
+From: jikui
+Date: Thu, 25 Nov 2021 19:54:41 +0800
+Subject: [PATCH] busybox: fix-CVE-2021-42386
+
+backport from upstream:
+https://git.busybox.net/busybox/patch/?h=1_34_stable&id=8b4c429025c233640bd5c5838552f34683a06fc0
+
+Signed-off-by: jikui
+---
+ editors/awk.c | 47 ++++++++++++++++++++++++++++++++++-------------
+ 1 file changed, 34 insertions(+), 13 deletions(-)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index d25508e..ea140fd 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -526,7 +526,9 @@ struct globals2 {
+ unsigned evaluate__seed;
+ regex_t evaluate__sreg;
+
+- var ptest__v;
++ var ptest__tmpvar;
++ var awk_printf__tmpvar;
++ var as_regex__tmpvar;
+
+ tsplitter exec_builtin__tspl;
+
+@@ -1690,14 +1692,19 @@ static node *mk_splitter(const char *s, tsplitter *spl)
+ static regex_t *as_regex(node *op, regex_t *preg)
+ {
+ int cflags;
+- var *v;
+ const char *s;
+
+ if ((op->info & OPCLSMASK) == OC_REGEXP) {
+ return icase ? op->r.ire : op->l.re;
+ }
+- v = nvalloc(1);
+- s = getvar_s(evaluate(op, v));
++
++#define TMPVAR (&G.as_regex__tmpvar)
++ //tmpvar = nvalloc(1);
++ // We use a single "static" tmpvar (instead of on-stack or malloced one)
++ // to decrease memory consumption in deeply-recursive awk programs.
++ // The rule to work safely is to never call evaluate() while our static
++ // TMPVAR's value is still needed.
++ s = getvar_s(evaluate(op, TMPVAR));
+
+ cflags = icase ? REG_EXTENDED | REG_ICASE : REG_EXTENDED;
+ /* Testcase where REG_EXTENDED fails (unpaired '{'):
+@@ -1709,7 +1716,8 @@ static regex_t *as_regex(node *op, regex_t *preg)
+ cflags &= ~REG_EXTENDED;
+ xregcomp(preg, s, cflags);
+ }
+- nvfree(v);
++ //nvfree(v);
++#undef TMPVAR
+ return preg;
+ }
+
+@@ -1987,8 +1995,11 @@ static int hashwalk_next(var *v)
+ /* evaluate node, return 1 when result is true, 0 otherwise */
+ static int ptest(node *pattern)
+ {
+- /* ptest__v is "static": to save stack space? */
+- return istrue(evaluate(pattern, &G.ptest__v));
++ // We use a single "static" tmpvar (instead of on-stack or malloced one)
++ // to decrease memory consumption in deeply-recursive awk programs.
++ // The rule to work safely is to never call evaluate() while our static
++ // TMPVAR's value is still needed.
++ return istrue(evaluate(pattern, &G.ptest__tmpvar));
+ }
+
+ /* read next record from stream rsm into a variable v */
+@@ -2122,10 +2133,18 @@ static char *awk_printf(node *n)
+ const char *s1;
+ int i, j, incr, bsize;
+ char c, c1;
+- var *v, *arg;
+-
+- v = nvalloc(1);
+- fmt = f = xstrdup(getvar_s(evaluate(nextarg(&n), v)));
++ var *arg;
++
++ //tmpvar = nvalloc(1);
++#define TMPVAR (&G.awk_printf__tmpvar)
++ // We use a single "static" tmpvar (instead of on-stack or malloced one)
++ // to decrease memory consumption in deeply-recursive awk programs.
++ // The rule to work safely is to never call evaluate() while our static
++ // TMPVAR's value is still needed.
++ fmt = f = xstrdup(getvar_s(evaluate(nextarg(&n), TMPVAR)));
++ // ^^^^^^^^^ here we immediately strdup() the value, so the later call
++ // to evaluate() potentially recursing into another awk_printf() can't
++ // mangle the value.
+
+ i = 0;
+ while (*f) {
+@@ -2145,7 +2164,7 @@ static char *awk_printf(node *n)
+ f++;
+ c1 = *f;
+ *f = '\0';
+- arg = evaluate(nextarg(&n), v);
++ arg = evaluate(nextarg(&n), TMPVAR);
+
+ j = i;
+ if (c == 'c' || !c) {
+@@ -2166,7 +2185,9 @@ static char *awk_printf(node *n)
+ }
+
+ free(fmt);
+- nvfree(v);
++ //nvfree(v);
++#undef TMPVAR
++
+ b = xrealloc(b, i + 1);
+ b[i] = '\0';
+ return b;
+--
+2.25.1
+
diff --git a/busybox.spec b/busybox.spec
index a9c2c13a9cbf5ea759894cacb1af39b7bc23d2c5..d1529f38d9edd07799287d5c0eded67b56941484 100644
--- a/busybox.spec
+++ b/busybox.spec
@@ -4,7 +4,7 @@ %endif %if "%{!?RELEASE:1}" -%define RELEASE 11 +%define RELEASE 12 %endif Name: busybox
@@ -24,6 +24,7 @@ Patch6001: backport-CVE-2021-28831.patch Patch6002: backport-CVE-2021-42374.patch Patch6003: backport-CVE-2021-42377.patch Patch6004: backport-CVE-2021-42376.patch +Patch6005: backport-CVE-2021-42386.patch BuildRoot: %_topdir/BUILDROOT #Dependency
@@ -99,6 +100,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1 %{_mandir}/man1/busybox.petitboot.1.gz %changelog +* Thu Nov 25 2021 jikui - 1:1.31.1-12 +- Type:CVE +- Id:NA +- SUG:NA +- DESC: fix CVE-2021-42386 + * Wed Nov 24 2021 xiechengliang - 1:1.31.1-11 - Type:CVE - Id:NA
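Review bot: In the `awk_printf` hunk at `arg = evaluate(nextarg(&n), TMPVAR);`, the returned `arg` may now point at the shared `G.awk_printf__tmpvar`, but the rule that keeps it valid is written only once at the top of the function, away from the loop where it has to hold. Because this patch is the CVE fix and the invariant is enforced only by convention, I would restate it at that line, e.g. `// arg may alias TMPVAR: finish using it before the next evaluate() call`. The loop body that consumes `arg` lies outside the hunk, so it should be confirmed against the 1.31.1 source that nothing there calls evaluate() before it is done with `arg`. The leftover `//tmpvar = nvalloc(1);` and `//nvfree(v);` lines in `as_regex` and `awk_printf` name variables that no longer exist and could be dropped, although presumably they mirror the upstream commit.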