diff --git a/qemu.spec b/qemu.spec
index 49bc0d546a2e130fffa0be865c8ee85bae56c279..912bed0196b12b89ee56165d97016a686b35eb57 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -1,6 +1,6 @@
 Name: qemu
 Version: 4.1.0
-Release: 74
+Release: 75
 Epoch: 10
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@@ -351,6 +351,7 @@ Patch0338: hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch
 Patch0339: 9pfs-prevent-opening-special-files-CVE-2023-2861.patch
 Patch0340: qga-win32-Remove-change-action-from-MSI-installer.patch
 Patch0341: qga-win32-Use-rundll-for-VSS-installation.patch
+Patch0342: virtio-crypto-verify-src-dst-buffer-length-for-sym-r.patch
 BuildRequires: flex
 BuildRequires: bison
@@ -752,6 +753,9 @@ getent passwd qemu >/dev/null || \
 %endif
 %changelog
+* Wed Aug 16 2023 Jiabo Feng
+- virtio-crypto: verify src&dst buffer length for sym request
+
 * Fri Jul 21 2023 Jiabo Feng
 - qga/win32: Use rundll for VSS installation
 - qga/win32: Remove change action from MSI installer
diff --git a/virtio-crypto-verify-src-dst-buffer-length-for-sym-r.patch b/virtio-crypto-verify-src-dst-buffer-length-for-sym-r.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7ae8cacd0b94d79706da285423966a50191bbda5
--- /dev/null
+++ b/virtio-crypto-verify-src-dst-buffer-length-for-sym-r.patch
@@ -0,0 +1,47 @@
+From 6958e79af7f8e8f3819a3a89516018226e19796e Mon Sep 17 00:00:00 2001
+From: zhenwei pi
+Date: Thu, 3 Aug 2023 10:43:13 +0800
+Subject: [PATCH] virtio-crypto: verify src&dst buffer length for sym request
+
+For symmetric algorithms, the length of ciphertext must be as same
+as the plaintext.
+The missing verification of the src_len and the dst_len in
+virtio_crypto_sym_op_helper() may lead buffer overflow/divulged.
+
+This patch is originally written by Yiming Tao for QEMU-SECURITY,
+resend it(a few changes of error message) in qemu-devel.
+
+Fixes: CVE-2023-3180
+Fixes: 04b9b37edda("virtio-crypto: add data queue processing handler")
+Cc: Gonglei
+Cc: Mauro Matteo Cascella
+Cc: Yiming Tao
+Signed-off-by: zhenwei pi
+Message-Id: <20230803024314.29962-2-pizhenwei@bytedance.com>
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+(cherry picked from commit 9d38a8434721a6479fe03fb5afb150ca793d3980)
+Signed-off-by: Michael Tokarev
+---
+ hw/virtio/virtio-crypto.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index 45187d3344..5e112a2402 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -455,6 +455,11 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+ return NULL;
+ }
+
++ if (unlikely(src_len != dst_len)) {
++ virtio_error(vdev, "sym request src len is different from dst len");
++ return NULL;
++ }
++
+ max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
+ if (unlikely(max_len > vcrypto->conf.max_size)) {
+ virtio_error(vdev, "virtio-crypto too big length");
+--
+2.41.0.windows.1
+
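Review bot: The new `src_len != dst_len` guard in virtio_crypto_sym_op_helper() has no comment tying it to the memory-safety reason given in the commit message, so a later refactor could move it below the size check or relax it to a one-sided comparison. I would add above it `/* CVE-2023-3180: src_len and dst_len must match for sym requests, otherwise the dst buffer can be overrun or over-read */`. The error text also omits the two values, which makes a tripped check hard to triage from host logs; `virtio_error(vdev, "sym request src len %u is different from dst len %u", src_len, dst_len);` would help, assuming both are 32-bit unsigned as the `(uint64_t)` widening on the next line suggests. The function body starts and ends outside the hunk and the offsets come from a newer stable tree, so it is worth confirming the patch applies to 4.1.0 without fuzz and still lands ahead of the `max_len` check.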