diff --git a/backport-CVE-2024-0684-split-do-not-shrink-hold-buffer.patch b/backport-CVE-2024-0684-split-do-not-shrink-hold-buffer.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cc391d680133c2794e350600a96f7e4a9fd93543
--- /dev/null
+++ b/backport-CVE-2024-0684-split-do-not-shrink-hold-buffer.patch
@@ -0,0 +1,38 @@
+From c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Tue, 16 Jan 2024 13:48:32 -0800
+Subject: [PATCH] split: do not shrink hold buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* src/split.c (line_bytes_split): Do not shrink hold buffer.
+If it's large for this batch it's likely to be large for the next
+batch, and for 'split' it's not worth the complexity/CPU hassle to
+shrink it. Do not assume hold_size can be bufsize.
+
+Conflict: NA
+Reference: https://github.com/coreutils/coreutils/commit/c4c5ed8f4e9cd55a12966d4f520e3a13101637d9
+
+---
+ src/split.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/split.c b/src/split.c
+index d872ec5..4337b2d 100644
+--- a/src/split.c
++++ b/src/split.c
+@@ -811,10 +811,7 @@ line_bytes_split (intmax_t n_bytes, char *buf, idx_t bufsize)
+             {
+               cwrite (n_out == 0, hold, n_hold);
+               n_out += n_hold;
+-              if (n_hold > bufsize)
+-                hold = xirealloc (hold, bufsize);
+               n_hold = 0;
+-              hold_size = bufsize;
+             }
+ 
+           /* Output to eol if present.  */
+-- 
+2.36.1
+
diff --git a/coreutils.spec b/coreutils.spec
index ee58f0704d1a4d28c42390089ca1aaf6bf883c50..671e9d49f30b97e4bcbf048bcf7a2ce5ab75f5eb 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -1,6 +1,6 @@
 Name:       coreutils
 Version:    9.3
-Release:    2
+Release:    3
 License:    GPLv3+
 Summary:    A set of basic GNU tools commonly used in shell scripts
 Url:        https://www.gnu.org/software/coreutils/
@@ -21,6 +21,7 @@ Patch6:    skip-the-tests-that-require-selinux-if-selinux-is-di.patch
 Patch7:    backport-config-color-alias-for-ls.patch
 Patch8:    backport-coreutils-i18n.patch
 Patch9:    backport-pr-fix-infinite-loop-when-double-spacing.patch
+patch10:   backport-CVE-2024-0684-split-do-not-shrink-hold-buffer.patch
 
 Patch9000:   openEuler-coreutils-df-direct.patch
 %ifarch sw_64
@@ -154,6 +155,9 @@ fi
 %{_mandir}/man*/*
 
 %changelog
+* Wed Jan 24 2024 Jiangchuangang <jiangchuangang@huawei.com> - 9.3-3
+- fix CVE-2024-0684
+
 * Tue Aug 8 2023 Funda Wang <fundawang@yeah.net> - 9.3-2
 - Add alias for sm3sum