diff --git a/CVE-2019-9499.patch b/CVE-2019-9499.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6d4e2d899e3bd8a4f2809b8778fe414099e11e33
--- /dev/null
+++ b/CVE-2019-9499.patch
@@ -0,0 +1,30 @@
+diff -Nur orig-wpa_supplicant-2.6/src/eap_peer/eap_pwd.c wpa_supplicant-2.6/src/eap_peer/eap_pwd.c
+--- orig-wpa_supplicant-2.6/src/eap_peer/eap_pwd.c	2020-02-03 19:32:18.847432926 +0800
++++ wpa_supplicant-2.6/src/eap_peer/eap_pwd.c	2020-02-03 19:33:32.688400551 +0800
+@@ -451,6 +451,26 @@
+ 		goto fin;
+ 	}
+ 
++	/* verify received scalar */
++	if (crypto_bignum_is_zero(data->server_scalar) ||
++	    crypto_bignum_is_one(data->server_scalar) ||
++	    crypto_bignum_cmp(data->server_scalar,
++			      crypto_ec_get_order(data->grp->group)) >= 0) {
++		wpa_printf(MSG_INFO,
++			   "EAP-PWD (peer): received scalar is invalid");
++		goto fin;
++	}
++
++	/* verify received element */
++	if (!crypto_ec_point_is_on_curve(data->grp->group,
++					 data->server_element) ||
++	    crypto_ec_point_is_at_infinity(data->grp->group,
++					   data->server_element)) {
++		wpa_printf(MSG_INFO,
++			   "EAP-PWD (peer): received element is invalid");
++		goto fin;
++	}
++
+ 	/* compute the shared key, k */
+ 	if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe,
+ 			   data->server_scalar, data->bnctx)) ||
diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec
index f6dd7147d199f4274faf85814fac8f5e290baa30..dffe18d64c6fa3402c15b8dbd085d662fdbb36d7 100644
--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@@ -1,7 +1,7 @@
 Name:          wpa_supplicant
 Epoch:         1
 Version:       2.6
-Release:       24
+Release:       25
 Summary:       A WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN)
 License:       BSD
 Url:           https://w1.fi/wpa_supplicant/
@@ -82,6 +82,7 @@ Patch6065:     CVE-2019-9498-and-CVE-2019-9499.patch
 Patch6066:     CVE-2019-11555-1.patch
 Patch6067:     CVE-2019-11555-2.patch
 Patch6068:     https://w1.fi/security/2018-1/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
+Patch6069:     CVE-2019-9499.patch
 
 Patch9000:     add-options-of-wpa_supplicant-service.patch
 Patch9001:     allow-to-override-names-of-qt4-tools.patch
@@ -178,6 +179,12 @@ install -m644 %{name}/doc/docbook/*.5 %{buildroot}%{_mandir}/man5
 %{_mandir}/man5/*
 
 %changelog
+* Mon Feb 03 2020 zhouyihang <zhouyihang1@huawei.com> - 1:2.6-25
+- Type:cves
+- ID: CVE-2019-9499
+- SUG:restart
+- DESC: fix CVE-2019-9499
+
 * Mon Feb 03 2020 lihao <lihao129@huawei.com> - 1:2.6-24
 - Type:cves
 - ID: CVE-2018-14526