diff --git a/VERSION-vendor b/VERSION-vendor index f875d93ade2e0d891b6e10dfddeeb9e85e71ddd6..bf31dd95cbe68bc16c4b03361260ae18f19d97fd 100644 --- a/VERSION-vendor +++ b/VERSION-vendor @@ -1 +1 @@ -18.09.0.345 +18.09.0.346 diff --git a/docker.spec b/docker.spec index ccae16edeed43fe1d389ca452802ddd5e7207814..8f2a60136b5b65b8bb19e63c338ef15eb997abf7 100644 --- a/docker.spec +++ b/docker.spec @@ -1,6 +1,6 @@ Name: docker-engine Version: 18.09.0 -Release: 345 +Release: 346 Epoch: 2 Summary: The open-source application container engine Group: Tools/Docker @@ -213,6 +213,12 @@ fi %endif %changelog +* Sat Feb 22 2025 zhongjiawei - 2:18.09.0-346 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:sync some patches + * Fri Dec 06 2024 zhongjiawei - 2:18.09.0-345 - Type:CVE - CVE:CVE-2024-36623 diff --git a/git-commit b/git-commit index 65e8a73b8b81bbae0a41ea881e0273f66c2e1ff9..36d7907c7646083c6b7b73328e5c0176950e9d6e 100644 --- a/git-commit +++ b/git-commit @@ -1 +1 @@ -d51e3ad6559c34794487f2ca890995bde7739678 +e3f8eeda3df9321c490e4adb3cb8172b3e845e82 diff --git a/patch/0283-docker-check-containerd-sock-legality.patch b/patch/0283-docker-check-containerd-sock-legality.patch new file mode 100644 index 0000000000000000000000000000000000000000..190dc33ca3057bebd244857b3da24c9f36073c64 --- /dev/null +++ b/patch/0283-docker-check-containerd-sock-legality.patch 
@@ -0,0 +1,30 @@ +From 66f64ce2f18d1051f19f342c8fcf98c5066f00a6 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Mon, 13 Jan 2025 16:35:53 +0800 +Subject: [PATCH] docker:check containerd.sock legality + +--- + components/engine/cmd/dockerd/daemon.go | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go +index 89fa9245a..f703765be 100644 +--- a/components/engine/cmd/dockerd/daemon.go ++++ b/components/engine/cmd/dockerd/daemon.go +@@ -759,8 +759,11 @@ func validateAuthzPlugins(requestedPlugins []string, pg plugingetter.PluginGette + } + + func systemContainerdRunning() bool { +- _, err := os.Lstat(containerddefaults.DefaultAddress) +- return err == nil ++ fileInfo, err := os.Stat(containerddefaults.DefaultAddress) ++ if err != nil { ++ return false ++ } ++ return fileInfo.Mode()&os.ModeSocket == os.ModeSocket + } + + func (cli *DaemonCli) setRuntimeStartTimeout() error { +-- +2.33.0 + diff --git a/patch/0284-docker-modify-hostconfig.json-perm-640.patch b/patch/0284-docker-modify-hostconfig.json-perm-640.patch new file mode 100644 index 0000000000000000000000000000000000000000..7e8774ee85b45fb28785f2c5bb34097c29434cc1 --- /dev/null +++ b/patch/0284-docker-modify-hostconfig.json-perm-640.patch 
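Review bot: In the new `systemContainerdRunning`, replacing `os.Lstat` with `os.Stat` applies the socket-type test to whatever the path resolves to, so a symlink at `containerddefaults.DefaultAddress` that points at some other socket still passes. The test also says nothing about who owns the socket or whether a daemon is listening on it. If symlinked sockets are not a supported setup, keep `os.Lstat` and return `fileInfo.Mode()&os.ModeSocket != 0`, which rejects a symlink outright. Every `Stat` error, including a permission error, is reported as "not running"; what the caller does with that result is outside this hunk. The function has no comment, so I would add `// systemContainerdRunning reports whether DefaultAddress resolves to a unix socket; it does not verify ownership or liveness.`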
@@ -0,0 +1,25 @@ +From 432ab009827f6bc84fb07d424d95d10328b4b185 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Fri, 21 Feb 2025 11:00:10 +0800 +Subject: [PATCH] docker:modify hostconfig.json perm to 640 + +--- + components/engine/container/container.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/components/engine/container/container.go b/components/engine/container/container.go +index 3dcfdaefa..6eaee714e 100644 +--- a/components/engine/container/container.go ++++ b/components/engine/container/container.go +@@ -262,7 +262,7 @@ func (container *Container) WriteHostConfig() (*containertypes.HostConfig, error + return nil, err + } + +- f, err := ioutils.NewAtomicFileWriter(pth, 0644) ++ f, err := ioutils.NewAtomicFileWriter(pth, 0640) + if err != nil { + return nil, err + } +-- +2.33.0 + diff --git a/patch/0285-docker-change-rand-random-number-library-to-generate.patch b/patch/0285-docker-change-rand-random-number-library-to-generate.patch new file mode 100644 index 0000000000000000000000000000000000000000..371bd00d9653cf269d6c525ad12ade6d834208eb --- /dev/null +++ b/patch/0285-docker-change-rand-random-number-library-to-generate.patch 
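Review bot: The new mode `0640` passed to `ioutils.NewAtomicFileWriter` still leaves `hostconfig.json` readable by the file's group, and neither the hunk nor the commit subject says which group reader needs it. A host config typically records bind-mount paths, device mappings and similar host details, so unless another process depends on group access the tighter call would be `f, err := ioutils.NewAtomicFileWriter(pth, 0600)`. Files already on disk with `0644` keep that mode until `WriteHostConfig` rewrites them, which the changelog entry should mention for upgraded hosts. `WriteHostConfig` starts and ends outside the hunk, so whether the other files in the container directory are written with a matching mode cannot be checked from here.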
@@ -0,0 +1,26 @@ +From a002e6e5309209cd7aa90cde3c1168328fc654d7 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Sat, 22 Feb 2025 09:58:59 +0800 +Subject: [PATCH] docker:change rand random number library to generate seeds + using Nano time + +--- + .../engine/vendor/github.com/docker/libnetwork/resolver.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/components/engine/vendor/github.com/docker/libnetwork/resolver.go b/components/engine/vendor/github.com/docker/libnetwork/resolver.go +index 0e44352d7..b898c38f9 100644 +--- a/components/engine/vendor/github.com/docker/libnetwork/resolver.go ++++ b/components/engine/vendor/github.com/docker/libnetwork/resolver.go +@@ -98,7 +98,7 @@ type resolver struct { + } + + func init() { +- rand.Seed(time.Now().Unix()) ++ rand.Seed(time.Now().UnixNano()) + } + + // NewResolver creates a new instance of the Resolver +-- +2.33.0 + diff --git a/series.conf b/series.conf index 976fa569fbf56f659d3538bfa3c162f381def1c4..58fd7c065f988fe373ce87cb8c333b6f0e1ef9eb 100644 --- a/series.conf +++ b/series.conf @@ -276,4 +276,7 @@ patch/0278-docker-add-clone3-seccomp-whitelist-for-arm64.patch patch/0279-docker-try-to-reconnect-when-containerd-grpc-return-.patch patch/0281-backport-fix-CVE-2024-36621.patch patch/0282-backport-fix-CVE-2024-36623.patch +patch/0283-docker-check-containerd-sock-legality.patch +patch/0284-docker-modify-hostconfig.json-perm-640.patch +patch/0285-docker-change-rand-random-number-library-to-generate.patch #end
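Review bot: Seeding with `time.Now().UnixNano()` in `init()` widens the seed space compared with `Unix()`, but `rand.Seed` is still `math/rand`, a deterministic generator seeded from the clock, so its output remains guessable by anyone who can estimate the process start time. The hunk does not show what the resolver draws from this generator. If any of those values are security-relevant, the call sites should read from `crypto/rand` instead. If they only spread load, a comment above the seed would record that, e.g. `// math/rand is used for non-security shuffling only; the seed need not be secret`. The file is under `vendor/`, so this local edit will be lost the next time libnetwork is re-vendored unless the change is also sent upstream.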