diff --git a/crun.spec b/crun.spec
index 060d83306987e69606f9d0c23221ca663591b856..067dd7728d229bb6c7d486c5fb6cd47b7c2e1286 100644
--- a/crun.spec
+++ b/crun.spec
@@ -1,9 +1,10 @@
 Name: crun
 Version: 1.4.3
-Release: 1
+Release: 2
 Summary: A fast and low-memory footprint OCI Container Runtime fully written in C.
 URL: https://github.com/containers/%{name}
 Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.xz
+Patch0: fix-CVE-2022-27650.patch
 License: GPLv2+ and LGPLv2.1+
 BuildRequires: autoconf automake gcc python
 BuildRequires: libcap-devel systemd-devel yajl-devel libseccomp-devel libselinux-devel
@@ -42,6 +43,9 @@ rm -rf %{buildroot}%{_prefix}/lib*
 %{_mandir}/man1/*
 
 %changelog
+* Mon May 23 2022 fushanqing - 1.4.3-2
+- fix CVE-2022-27650.
+
 * Tue Mar 1 2022 fu-shanqing - 1.4.3-1
 - Update to 1.4.3
 
diff --git a/fix-CVE-2022-27650.patch b/fix-CVE-2022-27650.patch
new file mode 100644
index 0000000000000000000000000000000000000000..975dc9efa70913e366555f106c2021dea53a44f2
--- /dev/null
+++ b/fix-CVE-2022-27650.patch
@@ -0,0 +1,14 @@
+diff -Naru crun-1.4.3/src/exec.c crun-1.4.3-new/src/exec.c
+--- crun-1.4.3/src/exec.c 2021-11-05 14:53:28.000000000 +0800
++++ crun-1.4.3-new/src/exec.c 2022-05-23 13:51:13.000000000 +0800
+@@ -304,8 +304,8 @@
+ capabilities->effective = exec_options.cap;
+ capabilities->effective_len = exec_options.cap_size;
+
+- capabilities->inheritable = dup_array (exec_options.cap, exec_options.cap_size);
+- capabilities->inheritable_len = exec_options.cap_size;
++ capabilities->inheritable = NULL;
++ capabilities->inheritable_len = 0;
+
+ capabilities->bounding = dup_array (exec_options.cap, exec_options.cap_size);
+ capabilities->bounding_len = exec_options.cap_size;
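Review bot: The `Patch0: fix-CVE-2022-27650.patch` line added in the first crun.spec hunk only declares the patch, and neither spec hunk touches `%prep`, so nothing visible here shows that the patch is actually applied. `%prep` is outside this diff; if it uses plain `%setup` rather than `%autosetup -p1`, it needs `%patch0 -p1` after it, otherwise release 1.4.3-2 would ship with the changelog claiming the CVE fix while building unpatched sources. The paths inside the patch (`crun-1.4.3/src/exec.c`) imply strip level 1.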
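Review bot: The new file fix-CVE-2022-27650.patch carries no header saying where the exec.c change comes from or why the inheritable set is emptied, which makes it hard to audit against upstream on a later rebase. Text before the `diff -Naru` line is ignored when the patch is applied, so a short header such as `Origin: <upstream commit URL>` plus `exec: --cap must not populate the inheritable capability set (CVE-2022-27650)` can be added there. The enclosing block in exec.c starts before and continues after the quoted hunk, so how the capability sets assigned after `bounding` are handled cannot be checked from this page. After the build, confirm the result by checking that `CapInh` in `/proc/self/status` is all zeros for a process started through `crun exec --cap`.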