diff --git a/SOURCES/libffi-3.1-memfd.patch b/SOURCES/libffi-3.1-memfd.patch
new file mode 100644
index 0000000..9fc901f
--- /dev/null
+++ b/SOURCES/libffi-3.1-memfd.patch
@@ -0,0 +1,120 @@
+From 5c63b463b87d3c06102a4a7f05f395929d9ea79b Mon Sep 17 00:00:00 2001
+From: DJ Delorie <dj@delorie.com>
+Date: Wed, 2 Dec 2020 16:14:27 -0500
+Subject: Use memfd_create() (#604)
+
+memfd_create creates a file in a memory-only filesystem that may
+bypass strict security protocols in filesystem-based temporary
+files.
+
+diff -rup a/configure.ac b/configure.ac
+--- a/configure.ac	2014-05-11 09:57:49.000000000 -0400
++++ b/configure.ac	2021-11-03 17:41:31.935391831 -0400
+@@ -63,6 +63,9 @@ EOF
+ 
+ AM_MAINTAINER_MODE
+ 
++AC_CHECK_HEADERS(sys/memfd.h)
++AC_CHECK_FUNCS([memfd_create])
++
+ AC_CHECK_HEADERS(sys/mman.h)
+ AC_CHECK_FUNCS(mmap)
+ AC_FUNC_MMAP_BLACKLIST
+diff -rup a/configure b/configure
+--- a/configure	2014-05-19 09:44:03.000000000 -0400
++++ b/configure	2021-11-18 17:29:45.484951520 -0500
+@@ -16976,6 +16976,30 @@ fi
+ 
+ 
+ 
++for ac_header in sys/memfd.h
++do :
++  ac_fn_c_check_header_mongrel "$LINENO" "sys/memfd.h" "ac_cv_header_sys_memfd_h" "$ac_includes_default"
++if test "x$ac_cv_header_sys_memfd_h" = xyes; then :
++  cat >>confdefs.h <<_ACEOF
++#define HAVE_SYS_MEMFD_H 1
++_ACEOF
++
++fi
++
++done
++
++for ac_func in memfd_create
++do :
++  ac_fn_c_check_func "$LINENO" "memfd_create" "ac_cv_func_memfd_create"
++if test "x$ac_cv_func_memfd_create" = xyes; then :
++  cat >>confdefs.h <<_ACEOF
++#define HAVE_MEMFD_CREATE 1
++_ACEOF
++
++fi
++done
++
++
+ for ac_header in sys/mman.h
+ do :
+   ac_fn_c_check_header_mongrel "$LINENO" "sys/mman.h" "ac_cv_header_sys_mman_h" "$ac_includes_default"
+diff -rup a/fficonfig.h.in b/fficonfig.h.in
+--- a/fficonfig.h.in	2014-05-19 09:44:04.000000000 -0400
++++ b/fficonfig.h.in	2021-11-18 17:45:39.000000000 -0500
+@@ -79,6 +79,9 @@
+ /* Define to 1 if you have the `memcpy' function. */
+ #undef HAVE_MEMCPY
+ 
++/* Define to 1 if you have the `memfd_create' function. */
++#undef HAVE_MEMFD_CREATE
++
+ /* Define to 1 if you have the <memory.h> header file. */
+ #undef HAVE_MEMORY_H
+ 
+@@ -109,6 +112,9 @@
+ /* Define to 1 if you have the <string.h> header file. */
+ #undef HAVE_STRING_H
+ 
++/* Define to 1 if you have the <sys/memfd.h> header file. */
++#undef HAVE_SYS_MEMFD_H
++
+ /* Define to 1 if you have the <sys/mman.h> header file. */
+ #undef HAVE_SYS_MMAN_H
+ 
+diff -rup a/src/closures.c b/src/closures.c
+--- a/src/closures.c	2021-11-03 17:37:37.841416436 -0400
++++ b/src/closures.c	2021-11-03 17:43:19.027498783 -0400
+@@ -117,6 +117,9 @@
+ #endif /* HAVE_MNTENT */
+ #include <sys/param.h>
+ #include <pthread.h>
++#ifdef  HAVE_SYS_MEMFD_H
++#include <sys/memfd.h>
++#endif
+ 
+ /* We don't want sys/mman.h to be included after we redefine mmap and
+    dlmunmap.  */
+@@ -263,6 +266,17 @@ static int execfd = -1;
+ /* The amount of space already allocated from the temporary file.  */
+ static size_t execsize = 0;
+ 
++#ifdef HAVE_MEMFD_CREATE
++/* Open a temporary file name, and immediately unlink it.  */
++static int
++open_temp_exec_file_memfd (const char *name)
++{
++  int fd;
++  fd = memfd_create (name, MFD_CLOEXEC);
++  return fd;
++}
++#endif
++
+ /* Open a temporary file name, and immediately unlink it.  */
+ static int
+ open_temp_exec_file_name (char *name, int flags)
+@@ -382,6 +396,9 @@ static struct
+   const char *arg;
+   int repeat;
+ } open_temp_exec_file_opts[] = {
++#ifdef HAVE_MEMFD_CREATE
++  { open_temp_exec_file_memfd, "libffi", 0 },
++#endif
+   { open_temp_exec_file_env, "LIBFFI_TMPDIR", 0 },
+   { open_temp_exec_file_env, "TMPDIR", 0 },
+   { open_temp_exec_file_dir, "/tmp", 0 },
diff --git a/SPECS/libffi.spec b/SPECS/libffi.spec
index 06bcf73..852b712 100644
--- a/SPECS/libffi.spec
+++ b/SPECS/libffi.spec
@@ -2,7 +2,7 @@
 
 Name:		libffi
 Version:	3.1
-Release:	22%{?dist}
+Release:	23%{?dist}
 Summary:	A portable foreign function interface library
 
 Group:		System Environment/Libraries
@@ -17,6 +17,7 @@ Patch2:		libffi-aarch64-rhbz1174037.patch
 Patch3:		libffi-3.1-aarch64-fix-exec-stack.patch
 Patch5:		libffi-3.1-closures-Create-temporary-file-with-O_TMPFILE-and-O_.patch
 Patch6:		libffi-3.1-libffi_tmpdir.patch
+Patch7:		libffi-3.1-memfd.patch
 
 %description
 Compilers for high level languages generate code that follow certain
@@ -67,6 +68,7 @@ developing applications that use %{name}.
 %patch3 -p1 -b .aarch64execstack
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 
 %build
@@ -127,6 +129,9 @@ fi
 %{_infodir}/libffi.info.gz
 
 %changelog
+* Fri Nov 19 2021 DJ Delorie <dj@redhat.com> - 3.1-23
+- Use memfd_create() to allocate closures (#1875340)
+
 * Wed May 6 2020 DJ Delorie <dj@redhat.com> - 3.1-22
 - Add $LIBFFI_TMPDIR environment variable support (#1723951)