diff --git a/CVE-2022-24736.patch b/CVE-2022-24736.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e59ffd188b8fa69f2fa2bfee5780dea9bd81effa
--- /dev/null
+++ b/CVE-2022-24736.patch
@@ -0,0 +1,36 @@
+diff -Naru redis-6.0.11/src/scripting.c redis-6.0.11-new/src/scripting.c
+--- redis-6.0.11/src/scripting.c	2021-02-23 07:35:37.000000000 +0800
++++ redis-6.0.11-new/src/scripting.c	2022-05-17 15:04:15.490592000 +0800
+@@ -559,6 +559,10 @@
+         return raise_error ? luaRaiseError(lua) : 1;
+     }
+ 
++    /* Pop all arguments from the stack, we do not need them anymore
++     * and this way we guaranty we will have room on the stack for the result. */
++    lua_pop(lua, argc);
++
+     /* Setup our fake client for command execution */
+     c->argv = argv;
+     c->argc = argc;
+@@ -624,6 +628,7 @@
+      * command marked as non-deterministic was already called in the context
+      * of this script. */
+     if (cmd->flags & CMD_WRITE) {
++        /* Deny writes if we're unale to persist. */
+         int deny_write_type = writeCommandsDeniedByDiskError();
+         if (server.lua_random_dirty && !server.lua_replicate_commands) {
+             luaPushError(lua,
+@@ -646,6 +651,13 @@
+                 sdsfree(aof_write_err);
+             }
+             goto cleanup;
++        } else if (server.masterhost == NULL &&
++                   server.repl_min_slaves_max_lag &&
++                   server.repl_min_slaves_to_write &&
++                   server.repl_good_slaves_count < server.repl_min_slaves_to_write)
++        {
++            luaPushError(lua, shared.noreplicaserr->ptr);
++            goto cleanup;
+         }
+     }
+ 
diff --git a/redis6.spec b/redis6.spec
index fd86354f086679284c8610b5f2f76c3704d6ccf1..fccd0cd21c951779acba52595f117087e4ce3036 100644
--- a/redis6.spec
+++ b/redis6.spec
@@ -6,7 +6,7 @@
 %global Pname redis
 Name:                redis6
 Version:             6.0.11
-Release:             4
+Release:             5
 Summary:             A persistent key-value database
 License:             BSD and MIT
 URL:                 https://redis.io
@@ -22,6 +22,7 @@ Source10:            https://github.com/%{Pname}/%{Pname}-doc/archive/%{doc_comm
 Patch0001:           Modify-aarch64-architecture-jemalloc-page-size-from-from-4k-to-64k.patch
 
 Patch0002:           CVE-2021-32626.patch
+Patch0003:           CVE-2022-24736.patch
 BuildRequires:       make gcc
 %if %{with tests}
 BuildRequires:       procps-ng tcl
@@ -81,6 +82,7 @@ tar -xvf  %{SOURCE10}
 %ifarch aarch64
 %patch0001 -p1
 %patch0002 -p1
+%patch0003 -p1
 %endif
 mv ../%{Pname}-doc-%{doc_commit} doc
 mv deps/lua/COPYRIGHT    COPYRIGHT-lua
@@ -210,6 +212,9 @@ fi
 %{_docdir}/%{Pname}
 
 %changelog
+* Mon May 16 2022 yanghuan <yanghuan92@huawei.com> - 6.0.11-5
+- Fix CVE-2022-24736
+
 * Thu Nov 04 2021 liwu <liwu13@huawei.com> - 6.0.11-4
 - Fix CVE-2021-32626