diff --git a/VERSION-vendor b/VERSION-vendor
index 444a13a2ff6f4d001af3529d9d85ed1c2cdac78d..87d26b0011d4e8f087ad1ccdb2dea1a9505bb911 100644
--- a/VERSION-vendor
+++ b/VERSION-vendor
@@ -1 +1 @@
-18.09.0.270
+18.09.0.271
diff --git a/docker-engine-openeuler.spec b/docker-engine-openeuler.spec
index 54ae9491e3dd1e5dfd162c112ca9ae109c78a3a2..fee6c8de62d32154dce7f74f98f4b460c7278efb 100644
--- a/docker-engine-openeuler.spec
+++ b/docker-engine-openeuler.spec
@@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 270
+Release: 271
 Epoch: 1
 Summary: The open-source application container engine
 Group: Tools/Docker
@@ -199,6 +199,12 @@ fi
 %endif
 
 %changelog
+* Fri Dec 06 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1:18.09.0-271
+- Type:CVE
+- CVE:CVE-2024-36623
+- SUG:NA
+- DESC:fix CVE-2024-36623
+
 * Mon Dec 02 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1:18.09.0-270
 - Type:CVE
 - CVE:CVE-2024-36621
diff --git a/patch/0281-docker-builder-next-fix-missing-lock-in-ensurelayer.patch b/patch/0281-backport-fix-CVE-2024-36621.patch
similarity index 100%
rename from patch/0281-docker-builder-next-fix-missing-lock-in-ensurelayer.patch
rename to patch/0281-backport-fix-CVE-2024-36621.patch
diff --git a/patch/0282-backport-fix-CVE-2024-36623.patch b/patch/0282-backport-fix-CVE-2024-36623.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4c077e617b951e1d9ff3036a26e941570966b85a
--- /dev/null
+++ b/patch/0282-backport-fix-CVE-2024-36623.patch
@@ -0,0 +1,48 @@
+From 5e02d7625ef0472e0be29acb30e47255546ced58 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= <pawel.gronowski@docker.com>
+Date: Thu, 22 Feb 2024 18:01:40 +0100
+Subject: [PATCH] pkg/streamformatter: Make `progressOutput` concurrency safe
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Sync access to the underlying `io.Writer` with a mutex.
+
+Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
+---
+ components/engine/pkg/streamformatter/streamformatter.go | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/components/engine/pkg/streamformatter/streamformatter.go b/components/engine/pkg/streamformatter/streamformatter.go
+index 04917d49ab..eaa82e1010 100644
+--- a/components/engine/pkg/streamformatter/streamformatter.go
++++ b/components/engine/pkg/streamformatter/streamformatter.go
+@@ -5,6 +5,7 @@ import (
+ 	"encoding/json"
+ 	"fmt"
+ 	"io"
++	"sync"
+ 
+ 	"github.com/docker/docker/pkg/jsonmessage"
+ 	"github.com/docker/docker/pkg/progress"
+@@ -109,6 +110,7 @@ type progressOutput struct {
+ 	sf       formatProgress
+ 	out      io.Writer
+ 	newLines bool
++	mu       sync.Mutex
+ }
+ 
+ // WriteProgress formats progress information from a ProgressReader.
+@@ -120,6 +122,9 @@ func (out *progressOutput) WriteProgress(prog progress.Progress) error {
+ 		jsonProgress := jsonmessage.JSONProgress{Current: prog.Current, Total: prog.Total, HideCounts: prog.HideCounts, Units: prog.Units}
+ 		formatted = out.sf.formatProgress(prog.ID, prog.Action, &jsonProgress, prog.Aux)
+ 	}
++
++	out.mu.Lock()
++	defer out.mu.Unlock()
+ 	_, err := out.out.Write(formatted)
+ 	if err != nil {
+ 		return err
+-- 
+2.33.0
+
diff --git a/series.conf b/series.conf
index 4d24f2729fd7d6abdcfb12af9f495488859d1036..48779bc4ffe8d0bddaa5d127ddd51eb3a7dfd71f 100644
--- a/series.conf
+++ b/series.conf
@@ -268,5 +268,6 @@ patch/0276-docker-Ignore-SIGURG-on-Linux.patch
 patch/0277-backport-fix-CVE-2024-41110.patch
 patch/0278-docker-add-clone3-seccomp-whitelist-for-arm64.patch
 patch/0279-docker-try-to-reconnect-when-containerd-grpc-return-.patch
-patch/0281-docker-builder-next-fix-missing-lock-in-ensurelayer.patch
+patch/0281-backport-fix-CVE-2024-36621.patch
+patch/0282-backport-fix-CVE-2024-36623.patch
 #end