diff --git a/backport-fs-udf-Fix-out-of-bounds-access.patch b/backport-fs-udf-Fix-out-of-bounds-access.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c0cc8a87ff8e95a7dc60d47b18ec95ac7c1411a7
--- /dev/null
+++ b/backport-fs-udf-Fix-out-of-bounds-access.patch
@@ -0,0 +1,119 @@
+From a24ea9241cb42e8ba670ac8d8ce54275df73a271 Mon Sep 17 00:00:00 2001
+From: Lidong Chen
+Date: Wed, 7 Jun 2023 01:31:06 +0000
+Subject: fs/udf: Fix out of bounds access
+
+Implemented a boundary check before advancing the allocation
+descriptors pointer.
+
+Reference:https://git.savannah.gnu.org/cgit/grub.git/commit?id=a24ea9241cb42e8ba670ac8d8ce54275df73a271
+Conflict:NA
+
+Signed-off-by: Lidong Chen
+Reviewed-by: Darren Kenny
+Reviewed-by: Daniel Kiper
+---
+ grub-core/fs/udf.c | 38 ++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 38 insertions(+)
+
+diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
+index 7679ea3..b836e61 100644
+--- a/grub-core/fs/udf.c
++++ b/grub-core/fs/udf.c
+@@ -114,6 +114,10 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ #define GRUB_UDF_PARTMAP_TYPE_1 1
+ #define GRUB_UDF_PARTMAP_TYPE_2 2
+
++#define GRUB_UDF_INVALID_STRUCT_PTR(_ptr, _struct) \
++ ((char *) (_ptr) >= end_ptr || \
++ ((grub_ssize_t) (end_ptr - (char *) (_ptr)) < (grub_ssize_t) sizeof (_struct)))
++
+ struct grub_udf_lb_addr
+ {
+ grub_uint32_t block_num;
+@@ -458,6 +462,7 @@ grub_udf_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
+ char *ptr;
+ grub_ssize_t len;
+ grub_disk_addr_t filebytes;
++ char *end_ptr;
+
+ switch (U16 (node->block.fe.tag.tag_ident))
+ {
+@@ -476,9 +481,17 @@ grub_udf_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
+ return 0;
+ }
+
++ end_ptr = (char *) node + get_fshelp_size (node->data);
++
+ if ((U16 (node->block.fe.icbtag.flags) & GRUB_UDF_ICBTAG_FLAG_AD_MASK)
+ == GRUB_UDF_ICBTAG_FLAG_AD_SHORT)
+ {
++ if (GRUB_UDF_INVALID_STRUCT_PTR (ptr, struct grub_udf_short_ad))
++ {
++ grub_error (GRUB_ERR_BAD_FS, "corrupted UDF file system");
++ return 0;
++ }
++
+ struct grub_udf_short_ad *ad = (struct grub_udf_short_ad *) ptr;
+
+ filebytes = fileblock * U32 (node->data->lvd.bsize);
+@@ -542,10 +555,22 @@ grub_udf_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
+ filebytes -= adlen;
+ ad++;
+ len -= sizeof (struct grub_udf_short_ad);
++
++ if (GRUB_UDF_INVALID_STRUCT_PTR (ad, struct grub_udf_short_ad))
++ {
++ grub_error (GRUB_ERR_BAD_FS, "corrupted UDF file system");
++ return 0;
++ }
+ }
+ }
+ else
+ {
++ if (GRUB_UDF_INVALID_STRUCT_PTR (ptr, struct grub_udf_long_ad))
++ {
++ grub_error (GRUB_ERR_BAD_FS, "corrupted UDF file system");
++ return 0;
++ }
++
+ struct grub_udf_long_ad *ad = (struct grub_udf_long_ad *) ptr;
+
+ filebytes = fileblock * U32 (node->data->lvd.bsize);
+@@ -611,6 +636,12 @@ grub_udf_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
+ filebytes -= adlen;
+ ad++;
+ len -= sizeof (struct grub_udf_long_ad);
++
++ if (GRUB_UDF_INVALID_STRUCT_PTR (ad, struct grub_udf_long_ad))
++ {
++ grub_error (GRUB_ERR_BAD_FS, "corrupted UDF file system");
++ return 0;
++ }
+ }
+ }
+
+@@ -630,6 +661,7 @@ grub_udf_read_file (grub_fshelp_node_t node,
+ case GRUB_UDF_ICBTAG_FLAG_AD_IN_ICB:
+ {
+ char *ptr;
++ char *end_ptr = (char *) node + get_fshelp_size (node->data);
+
+ ptr = ((U16 (node->block.fe.tag.tag_ident) == GRUB_UDF_TAG_IDENT_FE) ?
+ ((char *) &node->block.fe.ext_attr[0]
+@@ -637,6 +669,12 @@ grub_udf_read_file (grub_fshelp_node_t node,
+ ((char *) &node->block.efe.ext_attr[0]
+ + U32 (node->block.efe.ext_attr_length)));
+
++ if ((ptr + pos + len) > end_ptr)
++ {
++ grub_error (GRUB_ERR_BAD_FS, "corrupted UDF file system");
++ return 0;
++ }
++
+ grub_memcpy (buf, ptr + pos, len);
+
+ return len;
+--
+cgit v1.1
+
diff --git a/backport-lib-relocator-Fix-OOB-write-when-initializing-lo-freebytes.patch b/backport-lib-relocator-Fix-OOB-write-when-initializing-lo-freebytes.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9c78d1d74f1e3f90cea849e4aa689b3fcaebe18a
--- /dev/null
+++ b/backport-lib-relocator-Fix-OOB-write-when-initializing-lo-freebytes.patch
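Review bot: The new bound in grub_udf_read_file, `if ((ptr + pos + len) > end_ptr)`, is computed as pointer arithmetic, so an out-of-range `pos` or `len` can wrap the sum (and merely forming a pointer past the buffer is undefined in C), which lets the following `grub_memcpy (buf, ptr + pos, len)` through. `ptr` has also already been advanced by the on-disk `ext_attr_length` and is never compared with `end_ptr` on its own. Comparing sizes avoids both problems: `if (ptr > end_ptr || pos > (grub_size_t) (end_ptr - ptr) || len > (grub_size_t) (end_ptr - ptr) - pos)`. The types of `pos` and `len` are declared outside the hunk, so the casts may need adjusting. Separately, `GRUB_UDF_INVALID_STRUCT_PTR` reads `end_ptr` from the caller's scope rather than taking it as a parameter, which deserves a one-line comment at the `#define`.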
@@ -0,0 +1,38 @@
+From 9dbfbcd660470c3b951d15af0f6ce5a423185ad2 Mon Sep 17 00:00:00 2001
+From: Daniel Kiper
+Date: Fri, 23 Jun 2023 00:02:24 +0200
+Subject: lib/relocator: Fix OOB write when initializing lo->freebytes[]
+
+Fixes: CID 96636
+
+Reference:https://git.savannah.gnu.org/cgit/grub.git/commit?id=9dbfbcd660470c3b951d15af0f6ce5a423185ad2
+Conflict:NA
+
+Signed-off-by: Daniel Kiper
+Reviewed-by: Vladimir Serbinenko
+---
+ grub-core/lib/relocator.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
+index 568fc0b..e0478ae 100644
+--- a/grub-core/lib/relocator.c
++++ b/grub-core/lib/relocator.c
+@@ -881,9 +881,11 @@ malloc_in_range (struct grub_relocator *rel,
+ offend = GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT;
+ lo->freebytes[offstart / 8]
+ &= ((1 << (8 - (start % 8))) - 1);
+- grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
+- offend / 8 - (offstart + 7) / 8);
+- lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
++ if (offend / 8 > (offstart + 7) / 8)
++ grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
++ offend / 8 - (offstart + 7) / 8);
++ if (offend < GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT)
++ lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
+ }
+ break;
+ #endif
+--
+cgit v1.1
+
diff --git a/backport-util-grub-mount-Fix-memory-leak-in-fuse_getattr.patch b/backport-util-grub-mount-Fix-memory-leak-in-fuse_getattr.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d92e8201df9107d9dd733e0d1fe29cac70c66c06
--- /dev/null
+++ b/backport-util-grub-mount-Fix-memory-leak-in-fuse_getattr.patch
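Review bot: The first-byte write in malloc_in_range, `lo->freebytes[offstart / 8] &= ((1 << (8 - (start % 8))) - 1);`, is still unconditional, and it builds its mask from `start` while indexing with `offstart`; the two added guards cover only the `grub_memset` and the last-byte mask below it. Whether `offstart` is kept below `GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT` is decided outside the hunk, so that should be confirmed or the write given the same kind of guard. The commit message cites only `CID 96636`, so a short comment on the new `if (offend < GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT)` would help, for example `/* offend may equal the quant; presumably that indexes past freebytes[] */`, tightened once the array size is checked.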
@@ -0,0 +1,29 @@
+From 3077b39baef99afe534b582b9024bba877786e40 Mon Sep 17 00:00:00 2001
+From: Qiumiao Zhang
+Date: Tue, 25 Jul 2023 11:18:59 +0800
+Subject: util/grub-mount: Fix memory leak in fuse_getattr()
+
+Reference:https://git.savannah.gnu.org/cgit/grub.git/commit?id=3077b39baef99afe534b582b9024bba877786e40
+Conflict:NA
+
+Signed-off-by: Qiumiao Zhang
+Reviewed-by: Daniel Kiper
+---
+ util/grub-mount.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/util/grub-mount.c b/util/grub-mount.c
+index 1c35b6a..c69889d 100644
+--- a/util/grub-mount.c
++++ b/util/grub-mount.c
+@@ -198,6 +198,7 @@ fuse_getattr (const char *path, struct stat *st,
+ (fs->fs_dir) (dev, path2, fuse_getattr_find_file, &ctx);
+
+ grub_free (path2);
++ free (pathname);
+ if (!ctx.file_exists)
+ {
+ grub_errno = GRUB_ERR_NONE;
+--
+cgit v1.1
+
diff --git a/grub.patches b/grub.patches
index b17f403bf617344691922a26b8f2c9a3f70c012e..8eeec100192f4daea692d6338c7570537bd8880b 100644
--- a/grub.patches
+++ b/grub.patches
@@ -340,4 +340,7 @@ Patch0330: backport-net-dns-Fix-lookup-error-when-no-IPv6-is-returned.patch
 Patch0331: backport-util-grub-install-common-Fix-the-key-of.patch
 Patch0332: backport-kern-efi-mm-Fix-use-after-free-in-finish-boot-services.patch
 Patch0333: backport-kern-Check-for-NULL-when-closing-devices-and-disks.patch
-Patch0334: backport-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch
+Patch0334: backport-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch
+Patch0335: backport-fs-udf-Fix-out-of-bounds-access.patch
+Patch0336: backport-lib-relocator-Fix-OOB-write-when-initializing-lo-freebytes.patch
+Patch0337: backport-util-grub-mount-Fix-memory-leak-in-fuse_getattr.patch
diff --git a/grub2.spec b/grub2.spec
index ffd960da19bde8fc10fe0cf7fc4c65e6acdac29d..dd6361bca88a84d80d658adbbb3eba5ded73366a 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -14,7 +14,7 @@ Name: grub2 Epoch: 1 Version: 2.06 -Release: 36 +Release: 37 Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -440,6 +440,14 @@ fi %{_datadir}/man/man* %changelog +* Wed Sep 13 2023 zhangqiumiao - 1:2.06-37 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fs/udf: Fix out of bounds access + lib/relocator: Fix OOB write when initializing lo->freebytes[] + util/grub-mount: Fix memory leak in fuse_getattr() + * Fri Sep 1 2023 ouuleilei - 1:2.06-36 add a patch to fix build error diff --git a/sbat.csv.in b/sbat.csv.in index 460c6908038c6e8314ad98f31c7149db07b5cf75..a5d25e707a6e3969fc66d7a5d970b3343f1f8ca9 100644 --- a/sbat.csv.in +++ b/sbat.csv.in @@ -1,3 +1,3 @@ sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md -grub,1,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/ +grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/ grub.openeuler,1,The openEuler Project,grub2,@@VERSION_RELEASE@@,https://gitee.com/src-openeuler/grub2
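Review bot: The `sbat.csv.in` hunk raises the grub SBAT generation from 1 to 3, but the changelog entry added in `grub2.spec` says `CVE:NA` and describes only the three backports. shim compares this number with its revocation data, so generation 3 is a statement that the build carries every fix upstream associates with generations 2 and 3. That should be checked against the existing patch list and recorded, for example with a changelog line `- DESC:bump grub SBAT generation to 3`. The unchanged URL field on the same line also reads `https//www.gnu.org/software/grub/`, without the colon.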