diff --git a/hw-rdma-Fix-possible-mremap-overflow-in-the-pvrdma-d.patch b/hw-rdma-Fix-possible-mremap-overflow-in-the-pvrdma-d.patch
index d047ee316de5f6b6cfdb80de451da6ff232e51c7..48d2fd9211033f72358307a9418e6dfd5591e3e9 100644
--- a/hw-rdma-Fix-possible-mremap-overflow-in-the-pvrdma-d.patch
+++ b/hw-rdma-Fix-possible-mremap-overflow-in-the-pvrdma-d.patch
@@ -1,8 +1,8 @@
 From be2098de6cafdce46c104d6ff277b7b780631e40 Mon Sep 17 00:00:00 2001
 From: Marcel Apfelbaum <marcel@redhat.com>
 Date: Wed, 16 Jun 2021 14:06:00 +0300
-Subject: [PATCH 1/3] hw/rdma: Fix possible mremap overflow in the pvrdma
- device (CVE-2021-3582)
+Subject: [PATCH] hw/rdma: Fix possible mremap overflow in the pvrdma device
+ (CVE-2021-3582)
 
 Ensure mremap boundaries not trusting the guest kernel to
 pass the correct buffer length.
diff --git a/hw-scsi-scsi-disk-MODE_PAGE_ALLS-not-allowed-in-MODE.patch b/hw-scsi-scsi-disk-MODE_PAGE_ALLS-not-allowed-in-MODE.patch
index 432e6ccaa200722f2be1c9e18ee742461ae5458f..ae5ed7a7dea7ad3955d35751ecabe701aee70ab0 100644
--- a/hw-scsi-scsi-disk-MODE_PAGE_ALLS-not-allowed-in-MODE.patch
+++ b/hw-scsi-scsi-disk-MODE_PAGE_ALLS-not-allowed-in-MODE.patch
@@ -1,4 +1,4 @@
-From 08438d7975713bbeed2dff8467bd4656b34221ad Mon Sep 17 00:00:00 2001
+From b1f0a316a30eb5c1ba87391af284ad926afa2c3c Mon Sep 17 00:00:00 2001
 From: AlexChen <alex.chen@huawei.com>
 Date: Thu, 4 Nov 2021 17:31:38 +0100
 Subject: [PATCH] hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT
@@ -22,21 +22,21 @@ Signed-off-by: AlexChen <alex.chen@huawei.com>
  1 file changed, 6 insertions(+)
 
 diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
-index cd90cd780e..297efd5a72 100644
+index 93fdd913fe..9a67fc7dc6 100644
 --- a/hw/scsi/scsi-disk.c
 +++ b/hw/scsi/scsi-disk.c
-@@ -1082,6 +1082,7 @@ static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
+@@ -1089,6 +1089,7 @@ static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
      uint8_t *p = *p_outbuf + 2;
      int length;
-
+ 
 +    assert(page < ARRAY_SIZE(mode_sense_valid));
      if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
          return -1;
      }
-@@ -1423,6 +1424,11 @@ static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
+@@ -1430,6 +1431,11 @@ static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
          return -1;
      }
-
+ 
 +    /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */
 +    if (page == MODE_PAGE_ALLS) {
 +        return -1;
@@ -45,6 +45,6 @@ index cd90cd780e..297efd5a72 100644
      p = mode_current;
      memset(mode_current, 0, inlen + 2);
      len = mode_sense_page(s, page, &p, 0);
---
+-- 
 2.27.0
 
diff --git a/pvrdma-Ensure-correct-input-on-ring-init-CVE-2021-36.patch b/pvrdma-Ensure-correct-input-on-ring-init-CVE-2021-36.patch
index 2be31292ab46766606bb656c8d07cda5dc2438c1..81c82782f9aa4a94f6020790c73bd11fe2b557ba 100644
--- a/pvrdma-Ensure-correct-input-on-ring-init-CVE-2021-36.patch
+++ b/pvrdma-Ensure-correct-input-on-ring-init-CVE-2021-36.patch
@@ -1,7 +1,7 @@
 From 0383586640e2c9712376c795d4d2ea27aadeed78 Mon Sep 17 00:00:00 2001
 From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
 Date: Wed, 30 Jun 2021 14:46:34 +0300
-Subject: [PATCH 2/3] pvrdma: Ensure correct input on ring init (CVE-2021-3607)
+Subject: [PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607)
 
 Check the guest passed a non zero page count
 for pvrdma device ring buffers.
diff --git a/pvrdma-Fix-the-ring-init-error-flow-CVE-2021-3608.patch b/pvrdma-Fix-the-ring-init-error-flow-CVE-2021-3608.patch
index ed54c1b6c9d1ad4e06e38d7d5e66c04d86e83784..e1de794954dc53163a680a90fc666b1fadcdd2e6 100644
--- a/pvrdma-Fix-the-ring-init-error-flow-CVE-2021-3608.patch
+++ b/pvrdma-Fix-the-ring-init-error-flow-CVE-2021-3608.patch
@@ -1,7 +1,7 @@
 From ad63c75ceea0b9d6fe1dbb008cad41527a29f923 Mon Sep 17 00:00:00 2001
 From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
 Date: Wed, 30 Jun 2021 14:52:46 +0300
-Subject: [PATCH 3/3] pvrdma: Fix the ring init error flow (CVE-2021-3608)
+Subject: [PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608)
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
diff --git a/qemu.spec b/qemu.spec
index a9bc9b2ce53390659d8654fee7122e222203c55d..5cdd9c61797a355bf737d2158e55c5ad69fb1718 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -1,6 +1,6 @@
 Name: qemu
 Version: 4.1.0
-Release: 65
+Release: 66
 Epoch: 2
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@@ -348,6 +348,10 @@ Patch0335: hw-scsi-scsi-disk-MODE_PAGE_ALLS-not-allowed-in-MODE.patch
 Patch0336: hw-rdma-Fix-possible-mremap-overflow-in-the-pvrdma-d.patch
 Patch0337: pvrdma-Ensure-correct-input-on-ring-init-CVE-2021-36.patch
 Patch0338: pvrdma-Fix-the-ring-init-error-flow-CVE-2021-3608.patch
+Patch0339: hw-scsi-scsi-disk-MODE_PAGE_ALLS-not-allowed-in-MODE.patch
+Patch0340: hw-rdma-Fix-possible-mremap-overflow-in-the-pvrdma-d.patch
+Patch0341: pvrdma-Ensure-correct-input-on-ring-init-CVE-2021-36.patch
+Patch0342: pvrdma-Fix-the-ring-init-error-flow-CVE-2021-3608.patch
 
 BuildRequires: flex
 BuildRequires: bison
@@ -745,6 +749,14 @@ getent passwd qemu >/dev/null || \
 %endif
 
 %changelog
+* Fri Apr 08 2022 Chen Qun <kuhn.chenqun@huawei.com>
+- hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)
+- pvrdma: Ensure correct input on ring init (CVE-2021-3607)
+- pvrdma: Fix the ring init error flow (CVE-2021-3608)
+
+* Fri Apr 08 2022 Chen Qun <kuhn.chenqun@huawei.com>
+- hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands
+
 * Wed Apr 06 2022 yezengruan <yezengruan@huawei.com>
 - hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)
 - pvrdma: Ensure correct input on ring init (CVE-2021-3607)