diff --git a/backport-sysctl-return-error-on-permission-denied.patch b/backport-sysctl-return-error-on-permission-denied.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4d38c0f9d70ccad619981c074b99b3d9e52b7838
--- /dev/null
+++ b/backport-sysctl-return-error-on-permission-denied.patch
@@ -0,0 +1,47 @@
+From cd3a440b562e6efc713ce1524678dd068a85bf91 Mon Sep 17 00:00:00 2001
+From: Matteo Croce <teknoraver@meta.com>
+Date: Mon, 20 Oct 2025 15:43:15 +0800
+Subject: [PATCH] sysctl: return error on permission denied
+
+When trying to write to a readonly sysctl or a directory by mistake,
+sysctl still returns success:
+
+	# sysctl kernel.version=foo
+	sysctl: setting key "kernel.version": Operation not permitted
+	# echo $?
+	0
+	# sysctl kernel=foo
+	sysctl: setting key "kernel": Operation not permitted
+	# echo $?
+	0
+
+Let sysctl return error in both the cases above.
+
+Signed-off-by: Matteo Croce <teknoraver@meta.com>
+---
+ src/sysctl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/sysctl.c b/src/sysctl.c
+index c711692..cbd0da8 100644
+--- a/src/sysctl.c
++++ b/src/sysctl.c
+@@ -562,13 +562,13 @@ static int WriteSetting(
+     if ((ts.st_mode & S_IWUSR) == 0) {
+         xwarn(_("setting key \"%s\""), dotted_key);
+ 	free(dotted_key);
+-        return rc;
++        return EXIT_FAILURE;
+     }
+ 
+     if (S_ISDIR(ts.st_mode)) {
+         xwarn(_("setting key \"%s\""), dotted_key);
+ 	free(dotted_key);
+-        return rc;
++        return EXIT_FAILURE;
+     }
+ 
+     if (!DryRun) {
+-- 
+2.43.0
+
diff --git a/procps-ng.spec b/procps-ng.spec
index 0eae2084405b95720d2ef77c9732e2112f35ff99..f25f60b7278f0dcb53b5d3511a289d02a89dd503 100644
--- a/procps-ng.spec
+++ b/procps-ng.spec
@@ -1,6 +1,6 @@
 Name: 		procps-ng
 Version: 	4.0.2
-Release:	16
+Release:	17
 Summary: 	Utilities that provide system information.
 License: 	GPL+ and GPLv2 and GPLv2+ and GPLv3+ and LGPLv2+
 URL: 		https://sourceforge.net/projects/procps-ng/
@@ -33,6 +33,7 @@ Patch21:	backport-0002-ps-check-for-null-on-escape-source.patch
 Patch22:	backport-0003-ps-mv-check-for-null-from-escape_str_utf8-to-escape_.patch
 Patch23:	backport-0001-library-address-a-potential-race-resulting-in-a-fault.patch
 Patch24:	backport-0002-library-avoid-strdup-calls-in-sd2proc-if-possible.patch
+Patch25:	backport-sysctl-return-error-on-permission-denied.patch
 
 BuildRequires: 	ncurses-devel libtool autoconf automake gcc gettext-devel systemd-devel systemd-pam
 
@@ -115,6 +116,9 @@ ln -s %{_bindir}/pidof %{buildroot}%{_sbindir}/pidof
 %{_mandir}/man*
 
 %changelog
+* Mon Oct 20 2025 cenhuilin <cenhuilin@kylinos.cn> - 4.0.2-17
+- sysctl: return error on permission denied
+
 * Thu Aug 28 2025 Zhu Jin <zhujin18@huawei.com> - 4.0.2-16
 - library: address a potential race resulting in a fault and avoid strdup() calls in sd2proc() if possible