diff --git a/0006-fix-CVE-2023-5366.patch b/0006-fix-CVE-2023-5366.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7225feb4884053a016d1d74e770022a22ac241a7
--- /dev/null
+++ b/0006-fix-CVE-2023-5366.patch
@@ -0,0 +1,156 @@
+From 78d71878737564700cffd534bf74fb72a971cd0b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E7=8E=8B=E7=AD=96?= <wangce@uniontech.com>
+Date: Tue, 25 Jun 2024 09:42:56 +0800
+Subject: [PATCH 2/2] fix CVE-2023-5366
+
+---
+ lib/odp-util.c          | 35 ++++++++++++----------------
+ tests/ofproto-macros.at | 15 ++++++++++++
+ tests/system-traffic.at | 51 +++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 81 insertions(+), 20 deletions(-)
+
+diff --git a/lib/odp-util.c b/lib/odp-util.c
+index fac4cf3..5aaa1dc 100644
+--- a/lib/odp-util.c
++++ b/lib/odp-util.c
+@@ -6402,13 +6402,11 @@ odp_flow_key_from_flow__(const struct odp_flow_key_parms *parms,
+             icmpv6_key->icmpv6_code = ntohs(data->tp_dst);
+ 
+             if (is_nd(flow, NULL)
+-                /* Even though 'tp_src' and 'tp_dst' are 16 bits wide, ICMP
+-                 * type and code are 8 bits wide.  Therefore, an exact match
+-                 * looks like htons(0xff), not htons(0xffff).  See
+-                 * xlate_wc_finish() for details. */
+-                && (!export_mask || (data->tp_src == htons(0xff)
+-                                     && data->tp_dst == htons(0xff)))) {
+-                struct ovs_key_nd *nd_key;
++                /* Even though 'tp_src' is 16 bits wide, ICMP type is 8 bits
++                 * wide.  Therefore, an exact match looks like htons(0xff),
++                 * not htons(0xffff).  See xlate_wc_finish() for details. */
++                && (!export_mask || data->tp_src == htons(0xff))) {
++		struct ovs_key_nd *nd_key;
+                 nd_key = nl_msg_put_unspec_uninit(buf, OVS_KEY_ATTR_ND,
+                                                     sizeof *nd_key);
+                 nd_key->nd_target = data->nd_target;
+@@ -7122,20 +7120,17 @@ parse_l2_5_onward(const struct nlattr *attrs[OVS_KEY_ATTR_MAX + 1],
+                     flow->arp_sha = nd_key->nd_sll;
+                     flow->arp_tha = nd_key->nd_tll;
+                     if (is_mask) {
+-                        /* Even though 'tp_src' and 'tp_dst' are 16 bits wide,
+-                         * ICMP type and code are 8 bits wide.  Therefore, an
+-                         * exact match looks like htons(0xff), not
+-                         * htons(0xffff).  See xlate_wc_finish() for details.
+-                         * */
+-                        if (!is_all_zeros(nd_key, sizeof *nd_key) &&
+-                            (flow->tp_src != htons(0xff) ||
+-                             flow->tp_dst != htons(0xff))) {
++                       /* Even though 'tp_src' is 16 bits wide, ICMP type
++                         * is 8 bits wide.  Therefore, an exact match looks
++                         * like htons(0xff), not htons(0xffff).  See
++                         * xlate_wc_finish() for details. */
++			if (!is_all_zeros(nd_key, sizeof *nd_key) &&
++			    flow->tp_src != htons(0xff)) {
+                             odp_parse_error(&rl, errorp,
+-                                            "ICMP (src,dst) masks should be "
+-                                            "(0xff,0xff) but are actually "
+-                                            "(%#"PRIx16",%#"PRIx16")",
+-                                            ntohs(flow->tp_src),
+-                                            ntohs(flow->tp_dst));
++                                            "ICMP src mask should be "
++                                            "(0xff) but is actually "
++                                            "(%#"PRIx16")",
++                                            ntohs(flow->tp_src));
+                             return ODP_FIT_ERROR;
+                         } else {
+                             *expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_ND;
+diff --git a/tests/ofproto-macros.at b/tests/ofproto-macros.at
+index b18f0fb..9e32f53 100644
+--- a/tests/ofproto-macros.at
++++ b/tests/ofproto-macros.at
+@@ -141,6 +141,21 @@ strip_stats () {
+     s/bytes:[[0-9]]*/bytes:0/'
+ }
+ 
++# Strips key32 field from output.
++strip_key32 () {
++    sed 's/key32([[0-9 \/]]*),//'
++}
++
++# Strips packet-type from output.
++strip_ptype () {
++    sed 's/packet_type(ns=[[0-9]]*,id=[[0-9]]*),//'
++}
++
++# Strips bare eth from output.
++strip_eth () {
++    sed 's/eth(),//'
++}
++
+ # Changes all 'recirc(...)' and 'recirc=...' to say 'recirc(<recirc_id>)' and
+ # 'recirc=<recirc_id>' respectively.  This should make output easier to
+ # compare.
+diff --git a/tests/system-traffic.at b/tests/system-traffic.at
+index 89b0d26..f8d9783 100644
+--- a/tests/system-traffic.at
++++ b/tests/system-traffic.at
+@@ -1953,6 +1953,57 @@ recirc_id(<recirc>),in_port(3),eth_type(0x0800),ipv4(frag=no), packets:29, bytes
+ OVS_TRAFFIC_VSWITCHD_STOP
+ AT_CLEANUP
+ 
++AT_SETUP([datapath - Neighbor Discovery with loose match])
++OVS_TRAFFIC_VSWITCHD_START()
++
++ADD_NAMESPACES(at_ns0, at_ns1)
++
++ADD_VETH(p0, at_ns0, br0, "2001::1:0:392/64", 36:b1:ee:7c:01:03)
++ADD_VETH(p1, at_ns1, br0, "2001::1:0:9/64", 36:b1:ee:7c:01:02)
++
++dnl Set up flows for moving icmp ND Solicit around.  This should be the
++dnl same for the other ND types.
++AT_DATA([flows.txt], [dnl
++table=0 priority=95 icmp6,icmp_type=136,nd_target=2001::1:0:9 actions=resubmit(,10)
++table=0 priority=95 icmp6,icmp_type=136,nd_target=2001::1:0:392 actions=resubmit(,10)
++table=0 priority=65 actions=resubmit(,20)
++table=10 actions=NORMAL
++table=20 actions=drop
++])
++AT_CHECK([ovs-ofctl del-flows br0])
++AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
++
++dnl Send a mismatching neighbor discovery.
++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 36 b1 ee 7c 01 02 36 b1 ee 7c 01 03 86 dd 60 00 00 00 00 20 3a ff fe 80 00 00 00 00 00 00 f8 16 3e ff fe 04 66 04 fe 80 00 00 00 00 00 00 f8 16 3e ff fe a7 dd 0e 88 00 f1 f2 20 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 02 01 36 b1 ee 7c 01 03 > /dev/null])
++
++dnl Send a matching neighbor discovery.
++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 36 b1 ee 7c 01 02 36 b1 ee 7c 01 03 86 dd 60 00 00 00 00 20 3a ff fe 80 00 00 00 00 00 00 f8 16 3e ff fe 04 66 04 fe 80 00 00 00 00 00 00 f8 16 3e ff fe a7 dd 0e 88 00 fe 5f 20 00 00 00 20 01 00 00 00 00 00 00 00 00 00 01 00 00 03 92 02 01 36 b1 ee 7c 01 03 > /dev/null])
++
++AT_CHECK([ovs-appctl dpctl/dump-flows | strip_stats | strip_used | dnl
++          strip_key32 | strip_ptype | strip_eth | strip_recirc | dnl
++          grep ",nd" | sort], [0], [dnl
++recirc_id(<recirc>),in_port(2),eth(src=36:b1:ee:7c:01:03,dst=36:b1:ee:7c:01:02),eth_type(0x86dd),ipv6(proto=58,frag=no),icmpv6(type=136),nd(target=2001::1:0:392), packets:0, bytes:0, used:never, actions:1,3
++recirc_id(<recirc>),in_port(2),eth_type(0x86dd),ipv6(proto=58,frag=no),icmpv6(type=136),nd(target=3000::1), packets:0, bytes:0, used:never, actions:drop
++])
++
++OVS_WAIT_UNTIL([ovs-appctl dpctl/dump-flows | grep ",nd" | wc -l | grep -E ^0])
++
++dnl Send a matching neighbor discovery.
++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 36 b1 ee 7c 01 02 36 b1 ee 7c 01 03 86 dd 60 00 00 00 00 20 3a ff fe 80 00 00 00 00 00 00 f8 16 3e ff fe 04 66 04 fe 80 00 00 00 00 00 00 f8 16 3e ff fe a7 dd 0e 88 00 fe 5f 20 00 00 00 20 01 00 00 00 00 00 00 00 00 00 01 00 00 03 92 02 01 36 b1 ee 7c 01 03 > /dev/null])
++
++dnl Send a mismatching neighbor discovery.
++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 36 b1 ee 7c 01 02 36 b1 ee 7c 01 03 86 dd 60 00 00 00 00 20 3a ff fe 80 00 00 00 00 00 00 f8 16 3e ff fe 04 66 04 fe 80 00 00 00 00 00 00 f8 16 3e ff fe a7 dd 0e 88 00 f1 f2 20 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 02 01 36 b1 ee 7c 01 03 > /dev/null])
++
++AT_CHECK([ovs-appctl dpctl/dump-flows | strip_stats | strip_used | dnl
++          strip_key32 | strip_ptype | strip_eth | strip_recirc | dnl
++          grep ",nd" | sort], [0], [dnl
++recirc_id(<recirc>),in_port(2),eth(src=36:b1:ee:7c:01:03,dst=36:b1:ee:7c:01:02),eth_type(0x86dd),ipv6(proto=58,frag=no),icmpv6(type=136),nd(target=2001::1:0:392), packets:0, bytes:0, used:never, actions:1,3
++recirc_id(<recirc>),in_port(2),eth_type(0x86dd),ipv6(proto=58,frag=no),icmpv6(type=136),nd(target=3000::1), packets:0, bytes:0, used:never, actions:drop
++])
++
++OVS_TRAFFIC_VSWITCHD_STOP
++AT_CLEANUP
++
+ AT_BANNER([MPLS])
+ 
+ AT_SETUP([mpls - encap header dp-support])
+-- 
+2.27.0
+
diff --git a/openvswitch.spec b/openvswitch.spec
index aee39ddb6f8b3d891bb5ef98fc460621e7344b04..186b65f9241eb234e978dc01a288d0a80f87623a 100644
--- a/openvswitch.spec
+++ b/openvswitch.spec
@@ -1,4 +1,4 @@
-%define anolis_release 3
+%define anolis_release 4
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 %global _hardened_build 1
 %define _rundir /run
@@ -28,6 +28,9 @@ Patch3: 0001-docs-Add-nowarn-region-option-to-tables.patch
 Patch4: 0001-Fix-rendering-of-VLAN-Comparison-Chart.patch
 Patch5: 0001-fix-CVE-2023-3966.patch
 
+#https://github.com/openvswitch/ovs/commit/e235a421fbdb0c70176e8a3bef13bf7e2056cbc1
+Patch6: 0006-fix-CVE-2023-5366.patch
+
 BuildRequires: gcc gcc-c++ make autoconf automake libtool 
 BuildRequires: systemd-rpm-macros openssl openssl-devel desktop-file-utils 
 BuildRequires: python3-devel python3-six python3-setuptools python3-sortedcontainers
@@ -517,6 +520,9 @@ fi
 %doc NOTICE README.rst NEWS 
 
 %changelog
+* Tue Jun 25 2024 wangce <wangce@uniontech.com> - 2.17.6-4
+- fix:fix for CVE-2023-5366
+
 * Tue May 07 2024 dash <dash@nfschina.com> - 2.17.6-3
 - fix:CVE-2023-3966