diff --git a/CVE-2024-0684.patch b/CVE-2024-0684.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1ffbd2e472a4dc6177ffb608c716664d7ba3e8c7
--- /dev/null
+++ b/CVE-2024-0684.patch
@@ -0,0 +1,31 @@
+From c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Tue, 16 Jan 2024 13:48:32 -0800
+Subject: [PATCH] split: do not shrink hold buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* src/split.c (line_bytes_split): Do not shrink hold buffer.
+If it’s large for this batch it’s likely to be large for the next
+batch, and for ‘split’ it’s not worth the complexity/CPU hassle to
+shrink it.  Do not assume hold_size can be bufsize.
+---
+ src/split.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/split.c b/src/split.c
+index 64020c859f..037960a594 100644
+--- a/src/split.c
++++ b/src/split.c
+@@ -809,10 +809,7 @@ line_bytes_split (intmax_t n_bytes, char *buf, idx_t bufsize)
+             {
+               cwrite (n_out == 0, hold, n_hold);
+               n_out += n_hold;
+-              if (n_hold > bufsize)
+-                hold = xirealloc (hold, bufsize);
+               n_hold = 0;
+-              hold_size = bufsize;
+             }
+ 
+           /* Output to eol if present.  */
diff --git a/coreutils.spec b/coreutils.spec
index c3fe0782e2a94c5e684df1a508d92b95fa44d3ff..287dd958fc6582300def2636f419039dd460c0dc 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -1,4 +1,4 @@
-%define anolis_release 5
+%define anolis_release 6
 Summary: A set of basic GNU tools commonly used in shell scripts
 Name:    coreutils
 Version: 9.4
@@ -54,6 +54,8 @@ Obsoletes: %{name} < 8.24
 Patch001:	0001-fix-uname-processortype-error-for-loongarch64.patch
 #https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633
 Patch002:       coreutils-9.4-cve-2025-5278.patch
+# https://github.com/coreutils/coreutils/commit/c4c5ed8f4
+Patch003:       CVE-2024-0684.patch
 
 %description
 These are the GNU core utilities.  This package is the combination of
@@ -232,6 +234,9 @@ rm -f $RPM_BUILD_ROOT%{_infodir}/dir
 %doc NEWS README THANKS TODO
 
 %changelog
+* Mon Aug 18 2025 Bo Ren <rb01097748@alibaba-inc.com> - 9.4-6
+- fix CVE-2024-0684
+
 * Wed Jul 09 2025 yangxinyu <yangxinyu@nfschina.com> - 9.4-5
 - fix cve-2025-5278