diff --git a/0027-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch b/0027-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e670922a93780088a750eb54a88f4fed5dfd496d
--- /dev/null
+++ b/0027-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch
@@ -0,0 +1,102 @@
+From fe9395b9fe1507236eafd147dc0cd4a8c9bf1fe6 Mon Sep 17 00:00:00 2001
+From: chenhuiying <chenhuiying4@huawei.com>
+Date: Sat, 25 Feb 2023 17:54:23 +0800
+Subject: [PATCH] Correctly compare EdiPartyName in GENERAL_NAME_cmp()
+
+If a GENERAL_NAME field contained EdiPartyName data then it was
+incorrectly being handled as type "other". This could lead to a
+segmentation fault.
+
+Many thanks to David Benjamin from Google for reporting this issue.
+
+CVE-2020-1971
+
+reference: https://github.com/openssl/openssl/commit/f960d81215ebf3f65e03d4d5d857fb9b666d6920
+Signed-off-by: chenhuiying <chenhuiying4@huawei.com>
+---
+ .../openssl/crypto/x509v3/v3_genn.c           | 45 +++++++++++++++++--
+ 1 file changed, 42 insertions(+), 3 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_genn.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_genn.c
+index 23e3bc4..23778e2 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_genn.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_genn.c
+@@ -57,6 +57,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a)
+                                     (char *)a);
+ }
+ 
++static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
++{
++    int res;
++
++    if (a == NULL || b == NULL) {
++        /*
++         * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
++         * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here
++         */
++        return -1;
++    }
++    if (a->nameAssigner == NULL && b->nameAssigner != NULL)
++        return -1;
++    if (a->nameAssigner != NULL && b->nameAssigner == NULL)
++        return 1;
++    /* If we get here then both have nameAssigner set, or both unset */
++    if (a->nameAssigner != NULL) {
++        res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
++        if (res != 0)
++            return res;
++    }
++    /*
++     * partyName is required, so these should never be NULL. We treat it in
++     * the same way as the a == NULL || b == NULL case above
++     */
++    if (a->partyName == NULL || b->partyName == NULL)
++        return -1;
++
++    return ASN1_STRING_cmp(a->partyName, b->partyName);
++}
++
+ /* Returns 0 if they are equal, != 0 otherwise. */
+ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+ {
+@@ -66,8 +97,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+         return -1;
+     switch (a->type) {
+     case GEN_X400:
++        result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
++        break;
++
+     case GEN_EDIPARTY:
+-        result = ASN1_TYPE_cmp(a->d.other, b->d.other);
++        result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
+         break;
+ 
+     case GEN_OTHERNAME:
+@@ -114,8 +148,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
+ {
+     switch (type) {
+     case GEN_X400:
++        a->d.x400Address = value;
++        break;
++
+     case GEN_EDIPARTY:
+-        a->d.other = value;
++        a->d.ediPartyName = value;
+         break;
+ 
+     case GEN_OTHERNAME:
+@@ -149,8 +186,10 @@ void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype)
+         *ptype = a->type;
+     switch (a->type) {
+     case GEN_X400:
++        return a->d.x400Address;
++
+     case GEN_EDIPARTY:
+-        return a->d.other;
++        return a->d.ediPartyName;
+ 
+     case GEN_OTHERNAME:
+         return a->d.otherName;
+-- 
+2.27.0
+
diff --git a/0028-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch b/0028-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch
new file mode 100644
index 0000000000000000000000000000000000000000..24e3c8a9b64f3a28bbb093777d01ffc32b709b79
--- /dev/null
+++ b/0028-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch
@@ -0,0 +1,41 @@
+From 7553d2119f3c899f779eaacafff63feaa843814a Mon Sep 17 00:00:00 2001
+From: s00803682 <shaodenghui@huawei.com>
+Date: Sat, 25 Feb 2023 18:22:13 +0800
+Subject: [PATCH] CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (1.1.1)
+
+REF: https://github.com/openssl/openssl/commit/2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
+Signed-off-by: chenhuiying <chenhuiying4@huawei.com>
+---
+ CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_genn.c  | 2 +-
+ CryptoPkg/Library/OpensslLib/openssl/include/openssl/x509v3.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_genn.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_genn.c
+index 23778e2..12ce733 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_genn.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_genn.c
+@@ -97,7 +97,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+         return -1;
+     switch (a->type) {
+     case GEN_X400:
+-        result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
++        result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
+         break;
+ 
+     case GEN_EDIPARTY:
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/include/openssl/x509v3.h b/CryptoPkg/Library/OpensslLib/openssl/include/openssl/x509v3.h
+index 6c6eca3..b80438d 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/include/openssl/x509v3.h
++++ b/CryptoPkg/Library/OpensslLib/openssl/include/openssl/x509v3.h
+@@ -136,7 +136,7 @@ typedef struct GENERAL_NAME_st {
+         OTHERNAME *otherName;   /* otherName */
+         ASN1_IA5STRING *rfc822Name;
+         ASN1_IA5STRING *dNSName;
+-        ASN1_TYPE *x400Address;
++        ASN1_STRING *x400Address;
+         X509_NAME *directoryName;
+         EDIPARTYNAME *ediPartyName;
+         ASN1_IA5STRING *uniformResourceIdentifier;
+-- 
+2.27.0
+
diff --git a/edk2.spec b/edk2.spec
index 2abfb5e1b7088f06a7a4ea1b47af750712bf50c3..ecbbf196e3361e2661aec323dc50b3b7253f13e8 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -5,7 +5,7 @@
 
 Name: edk2
 Version: %{stable_date}
-Release: 10
+Release: 11
 Summary: EFI Development Kit II
 License: BSD-2-Clause-Patent
 URL: https://github.com/tianocore/edk2
@@ -47,6 +47,8 @@ Patch0023: 0023-PATCH-Avoid-dangling-ptrs-in-header-and-data-params-.patch
 Patch0024: 0024-PATCH-pk7_doit.c-Check-return-of-BIO_set_md-calls.patch
 Patch0025: 0025-Fix-a-UAF-resulting-from-a-bug-in-BIO_new_NDEF.patch
 Patch0026: 0026-Check-CMS-failure-during-BIO-setup-with-stream-is-ha.patch
+Patch0027: 0027-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch
+Patch0028: 0028-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch
 
 BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python3-unversioned-command
 
@@ -248,6 +250,9 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
 %endif
 
 %changelog
+* Sun Feb 26 2023 chenhuiying<chenhuiying4@huawei.com> - 202011-11
+- fix CVE-2023-0286
+
 * Sun Feb 26 2023 chenhuiying<chenhuiying4@huawei.com> - 202011-10
 - fix CVE-2023-0215