diff --git a/backport-CVE-2024-27282.patch b/backport-CVE-2024-27282.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1ecd087e37b76efc48bd0242c0186d939f8a139b
--- /dev/null
+++ b/backport-CVE-2024-27282.patch
@@ -0,0 +1,31 @@
+From 989a2355808a63fc45367785c82ffd46d18c900a Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
+Date: Fri, 12 Apr 2024 15:01:47 +1000
+Subject: [PATCH] Fix Use-After-Free issue for Regexp
+
+Co-authored-by: Isaac Peka <7493006+isaac-peka@users.noreply.github.com>
+
+
+Reference:https://github.com/ruby/rdoc/commit/989a2355808a63fc45367785c82ffd46d18c900a
+Conflict:NA
+---
+ regexec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/regexec.c b/regexec.c
+index 73694ab14a..140691ad42 100644
+--- a/regexec.c
++++ b/regexec.c
+@@ -3449,8 +3449,8 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
+     CASE(OP_MEMORY_END_PUSH_REC)  MOP_IN(OP_MEMORY_END_PUSH_REC);
+       GET_MEMNUM_INC(mem, p);
+       STACK_GET_MEM_START(mem, stkp); /* should be before push mem-end. */
+-      STACK_PUSH_MEM_END(mem, s);
+       mem_start_stk[mem] = GET_STACK_INDEX(stkp);
++      STACK_PUSH_MEM_END(mem, s);
+       MOP_OUT;
+       JUMP;
+ 
+-- 
+2.33.0
+
diff --git a/ruby.spec b/ruby.spec
index 4b2f5608031e02d0f1a1576bf4c4b89a2d35562f..9ecdb02eb43c399f9c0370325e463739e6c69473 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -1,6 +1,6 @@
 Name:      ruby
 Version:   2.5.8
-Release:   123
+Release:   124
 Summary:   Object-oriented scripting language interpreter
 License:   (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
 URL:       https://www.ruby-lang.org/
@@ -61,6 +61,7 @@ Patch6017: backport-CVE-2024-27281-Filter-marshaled-objects.patch
 Patch6018: backport-CVE-2024-27281-Use-safe_load-for-.rdoc_options.patch
 Patch6019: backport-CVE-2024-27281-Fix-NoMethodError-for-start_with.patch
 Patch6020: backport-Use-File.open-instead-of-Kernel-open.patch
+Patch6021: backport-CVE-2024-27282.patch
 
 Provides:  %{name}-libs = %{version}-%{release}
 Obsoletes: %{name}-libs < %{version}-%{release}
@@ -598,6 +599,9 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
 %exclude %{gem_dir}/gems/xmlrpc-0.3.0/.*
 
 %changelog
+* Mon May 6 2024 zhoupengcheng11 <zhoupengcheng11@huawei.com> - 2.5.8-124
+- fix CVE-2024-27282
+
 * Sun Apr 07 2024 shixuantong <shixuantong1@huawei.com> - 2.5.8-123
 - Use File.open instead of Kernel#open to avoid potential security risks