diff --git a/backport-fix-CVE-2024-8805.patch b/backport-fix-CVE-2024-8805.patch
new file mode 100644
index 0000000000000000000000000000000000000000..fe4b85cbe6289c70f836ab8a459711e4c1b0c74d
--- /dev/null
+++ b/backport-fix-CVE-2024-8805.patch
@@ -0,0 +1,43 @@
+From 41f943630d9a03c40e95057b2ac3d96470b9c71e Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz
+Date: Wed, 9 Oct 2024 04:03:00 +0800
+Subject: [PATCH] fix CVE-2024-8805
+
+---
+ client/main.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/client/main.c b/client/main.c
+index 51d08a6..92a3574 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -1089,6 +1089,7 @@ static void cmd_pairable(int argc, char *argv[])
+
+ static void cmd_discoverable(int argc, char *argv[])
+ {
++ DBusMessageIter iter;
+ dbus_bool_t discoverable;
+ char *str;
+
+@@ -1098,6 +1099,18 @@ static void cmd_discoverable(int argc, char *argv[])
+ if (check_default_ctrl() == FALSE)
+ return bt_shell_noninteractive_quit(EXIT_FAILURE);
+
++ if (discoverable && g_dbus_proxy_get_property(default_ctrl->proxy,
++ "DiscoverableTimeout", &iter)) {
++ uint32_t value;
++
++ dbus_message_iter_get_basic(&iter, &value);
++
++ if (!value)
++ bt_shell_printf("Warning: setting discoverable while "
++ "discoverable-timeout not set(0) is not"
++ " recommended\n");
++ }
++
+ str = g_strdup_printf("discoverable %s",
+ discoverable == TRUE ? "on" : "off");
+
+--
+2.43.0
+
diff --git a/bluez.spec b/bluez.spec
index 60c07e27c976b3448100bf7199aac92687428c23..9623be7718d96c490970b56dd0e659f868e981a9 100644
--- a/bluez.spec
+++ b/bluez.spec
@@ -1,7 +1,7 @@
 Name: bluez
 Summary: Bluetooth utilities
 Version: 5.71
-Release: 3
+Release: 4
 License: GPLv2+
 URL: http://www.bluez.org/
 Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
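Review bot: The block added to cmd_discoverable in the second client/main.c hunk of the backported patch is advisory only: when `DiscoverableTimeout` reads as 0 it prints a warning, and the code after it still builds the `discoverable on` request, so the adapter can stay discoverable with no timeout after this update (the rest of the function is outside the hunk). The patch subject and the changelog entry in bluez.spec say only "fix CVE-2024-8805", which can lead operators to treat the exposure as closed; I would state in both that the change adds a warning and that a non-zero discoverable timeout still has to be configured. In the block itself, `value` is filled by `dbus_message_iter_get_basic()` without a type check; `uint32_t value = 0;` plus `if (dbus_message_iter_get_arg_type(&iter) == DBUS_TYPE_UINT32)` before the read would keep the test well-defined if the property ever arrives with another type.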
@@ -19,6 +19,7 @@ Patch6013: bluez-5.54-sw.patch %endif Patch7000: 0001-Fix-crash-after-pair-command.patch Patch7001: Fix-memory-leak.patch +Patch7002: backport-fix-CVE-2024-8805.patch BuildRequires: dbus-devel >= 1.6 libell-devel >= 0.28 autoconf BuildRequires: glib2-devel libical-devel readline-devel @@ -176,6 +177,9 @@ make check %{_mandir}/man8/* %changelog +* Thu Oct 10 2024 changtao - 5.71-4 +- fix CVE-2024-8805 + * Tue Jun 4 2024 xuchenchen - 5.71-3 - sync patches from community, shared/csip: Fix memory leak