diff --git a/backport-CVE-2024-23945.patch b/backport-CVE-2024-23945.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f4a8b44d29885ec5c824cd1cbe619c11a3011db9
--- /dev/null
+++ b/backport-CVE-2024-23945.patch
@@ -0,0 +1,51 @@
+From cf59b1f51c16301f689b4e0f17ba4dbd140e1b19 Mon Sep 17 00:00:00 2001
+From: Sean Owen
+Date: Tue, 17 Oct 2023 16:10:56 -0700
+Subject: [PATCH] [MINOR][SQL] Remove signature from Hive thriftserver
+ exception
+
+### What changes were proposed in this pull request?
+
+Don't return expected signature to caller in Hive thriftserver exception
+
+### Why are the changes needed?
+
+Please see private discussion
+
+### Does this PR introduce _any_ user-facing change?
+
+No
+
+### How was this patch tested?
+
+Existing tests
+
+### Was this patch authored or co-authored using generative AI tooling?
+
+No
+
+Closes #43402 from srowen/HiveCookieSigner.
+
+Authored-by: Sean Owen
+Signed-off-by: Dongjoon Hyun
+---
+ .../src/main/java/org/apache/hive/service/CookieSigner.java | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/sql/hive-thriftserver/src/main/java/org/apache/hive/service/CookieSigner.java b/sql/hive-thriftserver/src/main/java/org/apache/hive/service/CookieSigner.java
+index 782e47a..4b8d2cb 100644
+--- a/sql/hive-thriftserver/src/main/java/org/apache/hive/service/CookieSigner.java
++++ b/sql/hive-thriftserver/src/main/java/org/apache/hive/service/CookieSigner.java
+@@ -81,8 +81,7 @@ public class CookieSigner {
+ LOG.debug("Signature generated for " + rawValue + " inside verify is " + currentSignature);
+ }
+ if (!MessageDigest.isEqual(originalSignature.getBytes(), currentSignature.getBytes())) {
+- throw new IllegalArgumentException("Invalid sign, original = " + originalSignature +
+- " current = " + currentSignature);
++ throw new IllegalArgumentException("Invalid sign");
+ }
+ return rawValue;
+ }
+--
+2.43.0
+
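Review bot: The expected signature is still written out on the context line `LOG.debug("Signature generated for " + rawValue + " inside verify is " + currentSignature);` two lines above the rewritten throw, so this backport closes the exception-message channel but, whenever debug logging is enabled for this class, the valid signature for a caller-supplied cookie value is still recorded in the log. A follow-up that drops the computed value from that message, e.g. `LOG.debug("Signature verification performed inside verify for cookie value");`, would close the same information-disclosure path at the log sink. The enclosing verify method begins and ends outside this hunk, and the embedded `index 782e47a..4b8d2cb` line refers to the upstream blobs, so whether the hunk applies cleanly to the 3.2.2 copy of CookieSigner.java cannot be confirmed from the patch text alone.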
diff --git a/spark.spec b/spark.spec
index cee0a7c23ef56d91e855650588a877f6ab1ec2b5..60fa9dd3396ea33014851930c46ef910d3bdb7b6 100644
--- a/spark.spec
+++ b/spark.spec
@@ -4,12 +4,13 @@ Summary: A unified analytics engine for large-scale data processing.
 Name: spark
 Version: 3.2.2
-Release: 1
+Release: 2
 License: Apache 2.0
 URL: http://spark.apache.org/
 Source0: https://github.com/apache/spark/archive/v%{version}.tar.gz
 Patch0001: 0001-change-mvn-scalafmt.patch
+Patch0002: backport-CVE-2024-23945.patch
 BuildRequires: java-1.8.0-openjdk-devel
 BuildRequires: maven
@@ -25,6 +26,7 @@ Apache Spark achieves high performance for both batch and streaming data, using
 %setup -q
 %patch0001 -p1
+%patch0002 -p1
 %build
 mvn -DskipTests -Dmaven.test.skip=true clean package
@@ -38,6 +40,12 @@ cp -rf ../%{name}-%{version} %{buildroot}/opt/apache-%{name}-%{version}
 %changelog
+* Thu Dec 26 2024 changtao - 3.2.2-2
+- Type: CVE
+- CVE: CVE-2024-23945
+- SUG: NA
+- DESC: fix CVE-2024-23945
+
 * Wed Aug 10 2022 xiexing - 3.2.2-1
 - update spark version