diff --git a/CVE-2022-24736.patch b/CVE-2022-24736.patch
new file mode 100644
index 0000000000000000000000000000000000000000..da234a7b2460b3378941e3cf07672eb7a7d313cb
--- /dev/null
+++ b/CVE-2022-24736.patch
@@ -0,0 +1,36 @@
+diff -Naru redis-6.0.11/src/scripting.c redis-6.0.11-new/src/scripting.c
+--- redis-6.0.11/src/scripting.c	2021-02-23 07:35:37.000000000 +0800
++++ redis-6.0.11-new/src/scripting.c	2022-05-19 10:04:29.828225000 +0800
+@@ -559,6 +559,10 @@
+         return raise_error ? luaRaiseError(lua) : 1;
+     }
+
++    /* Pop all arguments from the stack, we do not need them anymore
++     * and this way we guaranty we will have room on the stack for the result. */
++    lua_pop(lua, argc);
++
+     /* Setup our fake client for command execution */
+     c->argv = argv;
+     c->argc = argc;
+@@ -624,6 +628,7 @@
+      * command marked as non-deterministic was already called in the context
+      * of this script. */
+     if (cmd->flags & CMD_WRITE) {
++        /* Deny writes if we're unale to persist. */
+         int deny_write_type = writeCommandsDeniedByDiskError();
+         if (server.lua_random_dirty && !server.lua_replicate_commands) {
+             luaPushError(lua,
+@@ -646,6 +651,13 @@
+                 sdsfree(aof_write_err);
+             }
+             goto cleanup;
++        } else if (server.masterhost == NULL &&
++                   server.repl_min_slaves_max_lag &&
++                   server.repl_min_slaves_to_write &&
++                   server.repl_good_slaves_count < server.repl_min_slaves_to_write)
++        {
++            luaPushError(lua, shared.noreplicaserr->ptr);
++            goto cleanup;
+         }
+     }
+
diff --git a/redis6.spec b/redis6.spec
index 4a8493f1f179f046cc85aa940943a0a507791358..2840101f7c4f1859263cea52b2c51de7229e27e5 100644
--- a/redis6.spec
+++ b/redis6.spec
@@ -6,7 +6,7 @@
 %global Pname redis
 Name:                redis6
 Version:             6.0.11
-Release:             6
+Release:             7
 Summary:             A persistent key-value database
 License:             BSD and MIT
 URL:                 https://redis.io
@@ -28,6 +28,7 @@ Patch0005:           CVE-2021-32675.patch
 Patch0006:           CVE-2021-41099.patch
 Patch0007:           CVE-2021-32762.patch
 Patch0008:           fix-help-info.patch
+Patch0009:           CVE-2022-24736.patch
 BuildRequires:       make gcc
 %if %{with tests}
 BuildRequires:       procps-ng tcl
@@ -92,6 +93,7 @@ tar -xvf  %{SOURCE10}
 %patch0005 -p1
 %patch0006 -p1
 %patch0007 -p1
+%patch0009 -p1
 %endif
 %patch0008 -p1
 mv ../%{Pname}-doc-%{doc_commit} doc
@@ -222,6 +224,9 @@ fi
 %{_docdir}/%{Pname}
 
 %changelog
+* Thu May 19 2022 yangweidong <yangweidong9@huawei.com> - 6.0.11-7
+- Fix CVE-2022-24736
+
 * Mon Dec 06 2021 caodongxia <caodongxia@huawei.com> - 6.0.11-6
 - Fix help info