diff --git a/backport-fix-cgtop-sscanf-return-code-checks.patch b/backport-fix-cgtop-sscanf-return-code-checks.patch
new file mode 100644
index 0000000000000000000000000000000000000000..59ddb479ec417734cf8e6c6c1441ca28f45c7677
--- /dev/null
+++ b/backport-fix-cgtop-sscanf-return-code-checks.patch
@@ -0,0 +1,30 @@
+From bab356f5a0b8d4a43a71076c2333ff4da7ed737e Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Fri, 19 Jan 2024 15:12:49 +0000
+Subject: [PATCH] cgtop: fix sscanf return code checks
+
+sscanf can return EOF on error, so check that we get a result instead.
+
+CodeQL#2386 and CodeQL#2387
+
+(cherry picked from commit 204d52c4b79eb19d2919cb5214e999c58a6679c6)
+---
+ src/cgtop/cgtop.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cgtop/cgtop.c b/src/cgtop/cgtop.c
+index e34da7cf728..ca514554408 100644
+--- a/src/cgtop/cgtop.c
++++ b/src/cgtop/cgtop.c
+@@ -310,9 +310,9 @@ static int process(
+
+ if (all_unified) {
+ while (!isempty(l)) {
+- if (sscanf(l, "rbytes=%" SCNu64, &k))
++ if (sscanf(l, "rbytes=%" SCNu64, &k) == 1)
+ rd += k;
+- else if (sscanf(l, "wbytes=%" SCNu64, &k))
++ else if (sscanf(l, "wbytes=%" SCNu64, &k) == 1)
+ wr += k;
+
+ l += strcspn(l, WHITESPACE);
diff --git a/systemd.spec b/systemd.spec
index 984ba90088784b7cb61966469efcf609267a5988..e73bd64591a11931dbddcfc13b912bfdc08b5a19 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -16,7 +16,7 @@
 Name: systemd
 Url: https://systemd.io/
 Version: 243
-Release: 79
+Release: 80
 License: MIT and LGPLv2+ and GPLv2+
 Summary: System and Service Manager
@@ -307,6 +307,7 @@ Patch0259: backport-CVE-2023-50387.patch
 Patch0260: backport-CVE-2023-50868.patch
 Patch0261: backport-login-user-runtime-dir-properly-check-for-mount-poin.patch
 Patch0262: backport-user-util-validate-the-right-field.patch
+Patch0263: backport-fix-cgtop-sscanf-return-code-checks.patch
 #openEuler
 Patch9002: 1509-fix-journal-file-descriptors-leak-problems.patch
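Review bot: In the cgtop.c hunk carried by backport-fix-cgtop-sscanf-return-code-checks.patch, the two `sscanf(l, "...=%" SCNu64, &k) == 1` checks still accept values that `sscanf` cannot range-check: a conversion that does not fit in a `uint64_t` is undefined behaviour per the C standard, and a leading `-` is accepted and wrapped, so a malformed `rbytes=`/`wbytes=` field would still be added to `rd`/`wr`. The fields appear to come from kernel cgroup I/O statistics, so exposure looks low, but parsing the token after the `=` with `strtoull` (checking `errno` and the end pointer, and rejecting a sign) would close the gap. Independently, a short comment on the first check would stop the `== 1` from being simplified away later: `/* sscanf() returns EOF (-1, truthy) on input failure; only 1 means k was assigned */`. `process()` and the `while` loop both continue outside the hunk, so how `k` is initialised and how `l` advances past each token cannot be confirmed from here.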
@@ -1714,6 +1715,9 @@ fi
 %exclude /usr/share/man/man3/*
 %changelog
+* Thu Aug 1 2024 Han Jinpeng - 243-80
+- backport: fix cgtop sscanf return code checks
+
 * Mon Apr 29 2024 huyubiao - 243-79
 - add backport-login-user-runtime-dir-properly-check-for-mount-poin.patch backport-user-util-validate-the-right-field.patch