diff --git a/display-qxl-render-fix-race-condition-in-qxl_cursor-.patch b/display-qxl-render-fix-race-condition-in-qxl_cursor-.patch index 7fbd127541cea671a6aad05b69a4d02f57fc9242..4e328a745e74d069665bbf2ec4e86645725c4c54 100644 --- a/display-qxl-render-fix-race-condition-in-qxl_cursor-.patch +++ b/display-qxl-render-fix-race-condition-in-qxl_cursor-.patch @@ -1,7 +1,7 @@ -From 5b4d6c4605900ecc22135af5a904270931220a4f Mon Sep 17 00:00:00 2001 +From 0396df1e72e70d96592928601cdc66762539df0a Mon Sep 17 00:00:00 2001 From: Mauro Matteo Cascella Date: Thu, 7 Apr 2022 10:11:06 +0200 -Subject: [PATCH 4/5] display/qxl-render: fix race condition in qxl_cursor +Subject: [PATCH] display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 diff --git a/hw-block-fdc-Extract-blk_create_empty_drive.patch b/hw-block-fdc-Extract-blk_create_empty_drive.patch index 23b3ab3e3b832117529f3bf91564cab0f386aaf2..8ffbd3b9b46b5b3e73b28e0bf7c1ddf4072d61ad 100644 --- a/hw-block-fdc-Extract-blk_create_empty_drive.patch +++ b/hw-block-fdc-Extract-blk_create_empty_drive.patch @@ -1,7 +1,7 @@ -From b05a7125bab12a5610db47c9fd4f85d93a552a4e Mon Sep 17 00:00:00 2001 +From 70b620188baffb26a2a9c11d470301be1c4fc3d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Wed, 24 Nov 2021 17:15:34 +0100 -Subject: [PATCH 1/5] hw/block/fdc: Extract blk_create_empty_drive() +Subject: [PATCH] hw/block/fdc: Extract blk_create_empty_drive() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/hw-block-fdc-Kludge-missing-floppy-drive-to-fix-CVE-.patch b/hw-block-fdc-Kludge-missing-floppy-drive-to-fix-CVE-.patch index 2c9c1809fd599c969cf13e4b92654d61535b3db8..e78981eace2cd60dad002abae87f147427843889 100644 --- a/hw-block-fdc-Kludge-missing-floppy-drive-to-fix-CVE-.patch +++ b/hw-block-fdc-Kludge-missing-floppy-drive-to-fix-CVE-.patch 
@@ -1,7 +1,7 @@ -From c303ae575659493d747225f61430460dec809362 Mon Sep 17 00:00:00 2001 +From ef1cfbcb758140d9c69dbd82bedc9cada587c2aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Wed, 24 Nov 2021 17:15:35 +0100 -Subject: [PATCH 2/5] hw/block/fdc: Kludge missing floppy drive to fix +Subject: [PATCH] hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 diff --git a/hw-rdma-Fix-possible-mremap-overflow-in-the-pvrdma-d.patch b/hw-rdma-Fix-possible-mremap-overflow-in-the-pvrdma-d.patch index d047ee316de5f6b6cfdb80de451da6ff232e51c7..4a6421204dba1f5f219535ed445def67e993fa90 100644 --- a/hw-rdma-Fix-possible-mremap-overflow-in-the-pvrdma-d.patch +++ b/hw-rdma-Fix-possible-mremap-overflow-in-the-pvrdma-d.patch @@ -1,8 +1,8 @@ -From be2098de6cafdce46c104d6ff277b7b780631e40 Mon Sep 17 00:00:00 2001 +From 04d90353b1efa5347f70b4612ea6a329f2347f10 Mon Sep 17 00:00:00 2001 From: Marcel Apfelbaum Date: Wed, 16 Jun 2021 14:06:00 +0300 -Subject: [PATCH 1/3] hw/rdma: Fix possible mremap overflow in the pvrdma - device (CVE-2021-3582) +Subject: [PATCH] hw/rdma: Fix possible mremap overflow in the pvrdma device + (CVE-2021-3582) Ensure mremap boundaries not trusting the guest kernel to pass the correct buffer length. diff --git a/pvrdma-Ensure-correct-input-on-ring-init-CVE-2021-36.patch b/pvrdma-Ensure-correct-input-on-ring-init-CVE-2021-36.patch index 2be31292ab46766606bb656c8d07cda5dc2438c1..074b4685a90a6a69a12b1ea0d3f58604ca9b478a 100644 --- a/pvrdma-Ensure-correct-input-on-ring-init-CVE-2021-36.patch +++ b/pvrdma-Ensure-correct-input-on-ring-init-CVE-2021-36.patch @@ -1,7 +1,7 @@ -From 0383586640e2c9712376c795d4d2ea27aadeed78 Mon Sep 17 00:00:00 2001 +From 04ae970fd4bad794a5e6a3c2710d8e49f221b36d Mon Sep 17 00:00:00 2001 
From: Marcel Apfelbaum Date: Wed, 30 Jun 2021 14:46:34 +0300 -Subject: [PATCH 2/3] pvrdma: Ensure correct input on ring init (CVE-2021-3607) +Subject: [PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607) Check the guest passed a non zero page count for pvrdma device ring buffers. diff --git a/pvrdma-Fix-the-ring-init-error-flow-CVE-2021-3608.patch b/pvrdma-Fix-the-ring-init-error-flow-CVE-2021-3608.patch index ed54c1b6c9d1ad4e06e38d7d5e66c04d86e83784..a0017032fb902bea8e254b857f2a041c83c505ce 100644 --- a/pvrdma-Fix-the-ring-init-error-flow-CVE-2021-3608.patch +++ b/pvrdma-Fix-the-ring-init-error-flow-CVE-2021-3608.patch @@ -1,7 +1,7 @@ -From ad63c75ceea0b9d6fe1dbb008cad41527a29f923 Mon Sep 17 00:00:00 2001 +From d368151ce50593cfa7fa280245f9c0568961062a Mon Sep 17 00:00:00 2001 From: Marcel Apfelbaum Date: Wed, 30 Jun 2021 14:52:46 +0300 -Subject: [PATCH 3/3] pvrdma: Fix the ring init error flow (CVE-2021-3608) +Subject: [PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/qemu.spec b/qemu.spec index 4f73d6eb9d296be839fe535d25954d010da059a8..a1b169318531096f24c233e506b41f26d9595c06 100644 --- a/qemu.spec +++ b/qemu.spec @@ -1,6 +1,6 @@ Name: qemu Version: 4.1.0 -Release: 55 +Release: 56 Epoch: 2 Summary: QEMU is a generic and open source machine emulator and virtualizer License: GPLv2 and BSD and MIT and CC-BY 
@@ -272,6 +272,17 @@ Patch0259: hw-block-fdc-Kludge-missing-floppy-drive-to-fix-CVE-.patch Patch0260: tests-fdc-test-Add-a-regression-test-for-CVE-2021-20.patch Patch0261: display-qxl-render-fix-race-condition-in-qxl_cursor-.patch Patch0262: ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch +Patch0263: hw-scsi-scsi-disk-MODE_PAGE_ALLS-not-allowed-in-MODE.patch +Patch0264: hw-rdma-Fix-possible-mremap-overflow-in-the-pvrdma-d.patch +Patch0265: pvrdma-Ensure-correct-input-on-ring-init-CVE-2021-36.patch +Patch0266: pvrdma-Fix-the-ring-init-error-flow-CVE-2021-3608.patch +Patch0267: vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch +Patch0268: virtio-net-fix-map-leaking-on-error-during-receive.patch +Patch0269: hw-block-fdc-Extract-blk_create_empty_drive.patch +Patch0270: hw-block-fdc-Kludge-missing-floppy-drive-to-fix-CVE-.patch +Patch0271: tests-fdc-test-Add-a-regression-test-for-CVE-2021-20.patch +Patch0272: display-qxl-render-fix-race-condition-in-qxl_cursor-.patch +Patch0273: ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch BuildRequires: flex BuildRequires: bison 
@@ -617,6 +628,25 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Mon May 16 2022 Chen Qun +- hw/block/fdc: Extract blk_create_empty_drive() +- hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 +- tests/fdc-test: Add a regression test for CVE-2021-20196 +- display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) +- ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) + +* Mon May 16 2022 Chen Qun +- vhost-vsock: detach the virqueue element in case of error +- virtio-net: fix map leaking on error during receive + +* Mon May 16 2022 Chen Qun +- hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582) +- pvrdma: Ensure correct input on ring init (CVE-2021-3607) +- pvrdma: Fix the ring init error flow (CVE-2021-3608) + +* Mon May 16 2022 Chen Qun +- hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands + * Tue May 10 2022 yezengruan - hw/block/fdc: Extract blk_create_empty_drive() - hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 diff --git a/tests-fdc-test-Add-a-regression-test-for-CVE-2021-20.patch b/tests-fdc-test-Add-a-regression-test-for-CVE-2021-20.patch index 56aac5a8f059c1e4a2626fd8829fc411a218cec6..20f9e00d2f8b5a4188d1fb7f4d64f18faa383080 100644 --- a/tests-fdc-test-Add-a-regression-test-for-CVE-2021-20.patch +++ b/tests-fdc-test-Add-a-regression-test-for-CVE-2021-20.patch @@ -1,7 +1,7 @@ -From 2d3c9124817d4f01a1d241359a784f29006f9cc1 Mon Sep 17 00:00:00 2001 +From 7b624c4722677166f6d98f13fd8cd20f76fe75f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Wed, 24 Nov 2021 17:15:36 +0100 -Subject: [PATCH 3/5] tests/fdc-test: Add a regression test for CVE-2021-20196 +Subject: [PATCH] tests/fdc-test: Add a regression test for CVE-2021-20196 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
diff --git a/ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch b/ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch index 48e1bf5c506643d95ed10c4ebb9f0602cd86dc8c..06b7061caf9dc1b84f78cfdd791227949d6fd3ee 100644 --- a/ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch +++ b/ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch @@ -1,7 +1,7 @@ -From 88e41fe7ae7e3344f075ae9b226c29c976adf0f4 Mon Sep 17 00:00:00 2001 +From 262faa0b4828d8b9cd028d2436ce67bc386b5f72 Mon Sep 17 00:00:00 2001 From: Mauro Matteo Cascella Date: Thu, 7 Apr 2022 10:17:12 +0200 -Subject: [PATCH 5/5] ui/cursor: fix integer overflow in cursor_alloc +Subject: [PATCH] ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 diff --git a/vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch b/vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch index e1d2bd2a3cb79068eef2e445f798c69448976b80..2bb25fe0f55ee52febf87975daeb638857957ec3 100644 --- a/vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch +++ b/vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch @@ -1,7 +1,7 @@ From bc165d294fdb95d93758b240186fcd81066ced35 Mon Sep 17 00:00:00 2001 From: Stefano Garzarella Date: Mon, 28 Feb 2022 10:50:58 +0100 -Subject: [PATCH 1/2] vhost-vsock: detach the virqueue element in case of error +Subject: [PATCH] vhost-vsock: detach the virqueue element in case of error In vhost_vsock_send_transport_reset(), if an element popped from the virtqueue is invalid, we should call virtqueue_detach_element() to diff --git a/virtio-net-fix-map-leaking-on-error-during-receive.patch b/virtio-net-fix-map-leaking-on-error-during-receive.patch index f5f0d2273c9b48609bba7bde604fd187222fed00..cc753b7d80864f1bc4e2379d53100c86b3bf2ed9 100644 --- a/virtio-net-fix-map-leaking-on-error-during-receive.patch +++ b/virtio-net-fix-map-leaking-on-error-during-receive.patch @@ -1,7 +1,7 @@ 
From c1937347f65a1a81787884c99575cc9c91c023e7 Mon Sep 17 00:00:00 2001 From: Jason Wang Date: Tue, 8 Mar 2022 10:42:51 +0800 -Subject: [PATCH 2/2] virtio-net: fix map leaking on error during receive +Subject: [PATCH] virtio-net: fix map leaking on error during receive Commit bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg") tries to fix the use after free of the sg by caching the virtqueue
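Review bot: in the qemu.spec hunk at @@ -272,6 +272,17 @@, the new entries Patch0270 through Patch0273 name files that are already registered as Patch0259 through Patch0262 (hw-block-fdc-Kludge-missing-floppy-drive-to-fix-CVE-.patch, tests-fdc-test-Add-a-regression-test-for-CVE-2021-20.patch, display-qxl-render-fix-race-condition-in-qxl_cursor-.patch and ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch), and Patch0269 points at hw-block-fdc-Extract-blk_create_empty_drive.patch, which the existing Tue May 10 2022 changelog entry shows was already shipped in the previous release. A patch listed twice is applied twice: the second application either fails the build ("patch already applied") or, if forced, reverts or re-applies the change, so drop Patch0269 to Patch0273 and keep only the genuinely new entries Patch0263 to Patch0268. Separately, Patch0263 references hw-scsi-scsi-disk-MODE_PAGE_ALLS-not-allowed-in-MODE.patch, but this diff does not add that file, whereas the pvrdma, vhost-vsock and virtio-net patch files it references do appear here; confirm the SCSI patch file is part of the commit, otherwise the spec will fail at %setup.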
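Review bot: the %changelog hunk at @@ -617,6 +628,25 @@ adds four separate entries that all carry the same date and author (Mon May 16 2022 Chen Qun), while the hunk at @@ -1,6 +1,6 @@ bumps Release only once, from 55 to 56; collapse them into a single entry for release 56 so the changelog lines up with the actual release history. The first of the four also repeats the five fdc, qxl-render and ui/cursor items that already appear under the Tue May 10 2022 yezengruan entry, mirroring the duplicated Patch0269 to Patch0273 lines in the earlier hunk; remove it so the entry records only what is new in this release: the hw/scsi/scsi-disk MODE SELECT fix, the three pvrdma fixes (CVE-2021-3582, CVE-2021-3607, CVE-2021-3608) and the vhost-vsock and virtio-net error-path fixes.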
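Review bot: the hunks touching the ten .patch files (display-qxl-render, the two hw/block/fdc patches, hw-rdma, the two pvrdma patches, tests-fdc-test, ui-cursor, vhost-vsock and virtio-net) are header-only: they replace the From commit hash and turn "[PATCH n/m]" into "[PATCH]" (the hw-rdma subject is additionally re-wrapped), which is the output of re-running git format-patch on single commits; no code hunk in any of these files changes, so the CVE fixes themselves are untouched. The downside is that the new hashes are local commit ids rather than the ones the files were originally exported from, which weakens traceability of security fixes; either leave the original headers alone (the numbering has no effect on how rpmbuild applies the files) or note the upstream commit id for each CVE fix in the patch body or the changelog so it can still be matched against upstream.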