diff --git a/aide.spec b/aide.spec
index b2bbb60b844a8658ff7aa936481dac65d1586dbd..e27ca835603303c1ba79b6fd76f4f28f3f26f34f 100644
--- a/aide.spec
+++ b/aide.spec
@@ -2,7 +2,7 @@
 
 Name:       aide
 Version:    0.18.6
-Release:    3
+Release:    4
 Summary:    Advanced Intrusion Detection Environment
 License:    GPLv2+
 URL:        https://sourceforge.net/projects/aide
@@ -23,6 +23,7 @@ Requires:  libgcrypt-sm3
 Patch0:    Add-sm3-algorithm-for-aide.patch 
 Patch1:    backport-Fix-condition-for-error-message-of-failing-to-open-g.patch
 Patch2:    backport-Fix-parsing-of-lowercase-group-names.patch
+Patch3:    backport-Fix-concurrent-reading-of-extended-attributes-xattrs.patch
 
 %description
 AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker.
@@ -75,6 +76,12 @@ make check
 %{_mandir}/*/*
 
 %changelog
+* Tue Mar 25 2025 yixiangzhike <yixiangzhike007@163.com> - 0.18.6-4
+- Type: bugfix
+- ID: NA
+- SUG: NA
+- DESC: backport upstream patch to fix concurrent reading of extended attributes
+
 * Wed Sep 4 2024 yixiangzhike <yixiangzhike007@163.com> - 0.18.6-3
 - Type: bugfix
 - ID: NA
diff --git a/backport-Fix-concurrent-reading-of-extended-attributes-xattrs.patch b/backport-Fix-concurrent-reading-of-extended-attributes-xattrs.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d5866353f90474c326dc1f8792275718b5343342
--- /dev/null
+++ b/backport-Fix-concurrent-reading-of-extended-attributes-xattrs.patch
@@ -0,0 +1,57 @@
+From 93831c717eaaa19d58da12ebeb28607cc6d43116 Mon Sep 17 00:00:00 2001
+From: Hannes von Haugwitz <hannes@vonhaugwitz.com>
+Date: Wed, 8 May 2024 23:20:41 +0200
+Subject: [PATCH] Fix concurrent reading of extended attributes (xattrs)
+
+---
+ src/do_md.c | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/src/do_md.c b/src/do_md.c
+index 20e62f9..4ff2a86 100644
+--- a/src/do_md.c
++++ b/src/do_md.c
+@@ -482,14 +482,13 @@ static void xattr_add(xattrs_type *xattrs, const char *key, const char
+ void xattrs2line(db_line *line) {
+     /* get all generic user xattrs. */
+     xattrs_type *xattrs = NULL;
+-    static ssize_t xsz = 1024;
+-    static char *xatrs = NULL;
+     ssize_t xret = -1;
+ 
+     if (!(ATTR(attr_xattrs)&line->attr))
+         return;
+ 
+-    if (!xatrs) xatrs = checked_malloc(xsz);
++    ssize_t xsz = 1024;
++    char *xatrs = xatrs = checked_malloc(xsz);
+ 
+     while (((xret = llistxattr(line->fullpath, xatrs, xsz)) == -1) && (errno == ERANGE)) {
+         xsz <<= 1;
+@@ -502,10 +501,8 @@ void xattrs2line(db_line *line) {
+         log_msg(LOG_LEVEL_WARNING, "listxattrs failed for %s:%s", line->fullpath, strerror(errno));
+     } else if (xret) {
+         const char *attr = xatrs;
+-        static ssize_t asz = 1024;
+-        static char *val = NULL;
+-
+-        if (!val) val = checked_malloc(asz);
++        ssize_t asz = 1024;
++        char *val = checked_malloc(asz);
+ 
+         xattrs = xattr_new();
+ 
+@@ -533,8 +530,9 @@ next_attr:
+             attr += len + 1;
+             xret -= len + 1;
+         }
++        free(val);
+     }
+-
++    free(xatrs);
+     line->xattrs = xattrs;
+ }
+ #endif
+-- 
+2.33.0
+