diff --git a/CVE-2024-25260.patch b/CVE-2024-25260.patch
new file mode 100644
index 0000000000000000000000000000000000000000..981a957bd0ceeb2e26b6466687f4108882501590
--- /dev/null
+++ b/CVE-2024-25260.patch
@@ -0,0 +1,35 @@
+From 373f5212677235fc3ca6068b887111554790f944 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Mon, 13 Nov 2023 22:38:10 +0100
+Subject: [PATCH] backends: Fix arm_machine_flag_name version string.
+
+arm_machine_flag_name checks the version byte and if not zero returns
+a version string. There are only 5 versions defined. So check the
+version byte is not larger.
+
+	* backends/arm_machineflagname.c (arm_machine_flag_name):
+	Check version <= 0, otherwise return NULL.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=31058
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+---
+ backends/arm_machineflagname.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/backends/arm_machineflagname.c b/backends/arm_machineflagname.c
+index e93092aee..d700d5f4b 100644
+--- a/backends/arm_machineflagname.c
++++ b/backends/arm_machineflagname.c
+@@ -48,7 +48,7 @@ arm_machine_flag_name (Elf64_Word orig, Elf64_Word *flagref)
+ 	  "Version5 EABI",
+         };
+       *flagref &= ~((Elf64_Word) EF_ARM_EABIMASK);
+-      return vername[version - 1];
++      return version <= 5 ? vername[version - 1] : NULL;
+     }
+   switch (EF_ARM_EABI_VERSION (orig))
+     {
+-- 
+2.39.3
+
diff --git a/elfutils.spec b/elfutils.spec
index 40fc9da1d9e76c9f7211acf4a05e291142cedf9f..95ac58b186390f791d4e7fc11be291134a57d5e7 100644
--- a/elfutils.spec
+++ b/elfutils.spec
@@ -1,7 +1,7 @@
 # -*- rpm-spec from http://elfutils.org/ -*-
 Name: elfutils
 Version: 0.190
-Release: 1
+Release: 2
 Summary: A collection of utilities and DSOs to handle ELF files and DWARF data
 URL: http://elfutils.org/
 License: GPLv3+ and (GPLv2+ or LGPLv3+)
@@ -9,6 +9,7 @@ Source: https://sourceware.orgelfutils/ftp/%{version}/elfutils-%{version}.tar.bz
 
 Patch0: Fix-segfault-in-eu-ar-m.patch
 Patch1: Fix-issue-of-moving-files-by-ar-or-br.patch
+Patch2: CVE-2024-25260.patch
 
 Requires: elfutils-libelf = %{version}-%{release}
 Requires: elfutils-libs = %{version}-%{release}
@@ -322,6 +323,12 @@ exit 0
 %systemd_postun_with_restart debuginfod.service
 
 %changelog
+* Thu Feb 22 2024 liweigang <venland30@gmail.com> - 0.190-2
+- Type: CVE
+- CVE: CVE-2024-25260
+- SUG: NA
+- DESC: fix CVE-2024-25260
+
 * Thu Jan 25 2024 shixuantong <shixuantong1@huawei.com> - 0.190-1
 - Type:bugfix
 - CVE:NA