diff --git a/0001-target-i386-define-md-clear-bit.patch b/0001-target-i386-define-md-clear-bit.patch
new file mode 100644
index 0000000..eb26334
--- /dev/null
+++ b/0001-target-i386-define-md-clear-bit.patch
@@ -0,0 +1,31 @@
+From de8cb5ded43603937e0e7c341fcd7521822328a6 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Sat, 2 Mar 2019 00:07:10 +0100
+Subject: [PATCH] target/i386: define md-clear bit
+
+md-clear is a new CPUID bit which is set when microcode provides the
+mechanism to invoke a flush of various exploitable CPU buffers by invoking
+the VERW instruction.
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry-picked from a private commit)
+---
+ target/i386/cpu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index d6bb57d210..4ea78a4939 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1076,7 +1076,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+         .feat_names = {
+             NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
+             NULL, NULL, NULL, NULL,
+-            NULL, NULL, NULL, NULL,
++            NULL, NULL, "md-clear", NULL,
+             NULL, NULL, NULL, NULL,
+             NULL, NULL, NULL, NULL,
+             NULL, NULL, NULL, NULL,
+-- 
+2.21.0
+
diff --git a/qemu.spec b/qemu.spec
index 8b37e21..6229063 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -148,7 +148,7 @@
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
 Version: 4.0.0
-Release: 1%{?rcrel}%{?dist}
+Release: 2%{?rcrel}%{?dist}
 Epoch: 2
 License: GPLv2 and BSD and MIT and CC-BY
 URL: http://www.qemu.org/
@@ -178,6 +178,9 @@ Source21: 95-kvm-ppc64-memlock.conf
 Patch0001: 0001-Revert-target-i386-kvm-add-VMX-migration-blocker.patch
 
 
+# CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+Patch1001: 0001-target-i386-define-md-clear-bit.patch
+
 # documentation deps
 BuildRequires: texinfo
 # For /usr/bin/pod2man
@@ -1727,7 +1730,12 @@ getent passwd qemu >/dev/null || \
 
 
 %changelog
-* Wed Apr 24 2019 Cole Robinson <aintdiscole@gmail.com> - 4.0.0-1
+* Tue May 14 2019 Daniel P. Berrangé <berrange@redhat.com> - 2:4.0.0-2
+- Define md-clear CPUID bit
+- Resolves: rhbz #1710002 (CVE-2018-12126), rhbz #1710004 (CVE-2018-12127),
+  rhbz #1710003 (CVE-2018-12130), rhbz #1710006 (CVE-2019-11091)
+
+* Wed Apr 24 2019 Cole Robinson <aintdiscole@gmail.com> - 2:4.0.0-1
 - Update to qemu-4.0.0 GA
 
 * Tue Apr 16 2019 Cole Robinson <crobinso@redhat.com> - 2:4.0.0-0.7.rc3