diff --git a/SOURCES/libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MSR.patch b/SOURCES/libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MSR.patch
new file mode 100644
index 0000000..e86734a
--- /dev/null
+++ b/SOURCES/libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MSR.patch
@@ -0,0 +1,47 @@
+From b76070b36f9952421488fbf5a15f470c53e1c136 Mon Sep 17 00:00:00 2001
+Message-Id: <b76070b36f9952421488fbf5a15f470c53e1c136@dist-git>
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 13 Dec 2019 14:28:07 +0100
+Subject: [PATCH] cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE-2019-11135
+
+CPUs with TAA_NO bit of IA32_ARCH_CAPABILITIES MSR set to 1 are not
+vulnerable to TSX Asynchronous Abort and passing this bit to a guest
+may avoid unnecessary mitigations.
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit 07aaced4e6ea6db8b27f44636f51cafa6f1847a8)
+
+Conflicts:
+	src/cpu_map/x86_features.xml
+            - cpu_map is still monolithic downstream
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+Message-Id: <0ff574a85f1cc7b53140d41a6a62254bea08a06f.1576243094.git.jdenemar@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/cpu/cpu_map.xml | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
+index 7b9f8bb452..c2b3fca47a 100644
+--- a/src/cpu/cpu_map.xml
++++ b/src/cpu/cpu_map.xml
+@@ -501,6 +501,9 @@
+     <feature name='mds-no'>
+       <msr index='0x10a' edx='0x00000000' eax='0x00000020'/>
+     </feature>
++    <feature name='taa-no'>
++      <msr index='0x10a' edx='0x00000000' eax='0x00000100'/>
++    </feature>
+ 
+     <!-- models -->
+     <model name='486'>
+-- 
+2.24.0
+
diff --git a/SOURCES/libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-MSR.patch b/SOURCES/libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-MSR.patch
new file mode 100644
index 0000000..f89c06c
--- /dev/null
+++ b/SOURCES/libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-MSR.patch
@@ -0,0 +1,46 @@
+From 175416715561964226c5c75eaeb7c2fa55395f65 Mon Sep 17 00:00:00 2001
+Message-Id: <175416715561964226c5c75eaeb7c2fa55395f65@dist-git>
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 13 Dec 2019 14:28:08 +0100
+Subject: [PATCH] cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE-2019-11135
+
+When TSX_CTRL bit of IA32_ARCH_CAPABILITIES MSR is set to 1, the CPU
+supports IA32_TSX_CTRL MSR which can be used to disable and/or mask TSX.
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit f411b7ef68221e82dec0129aaf2f2a26a8987504)
+
+Conflicts:
+	src/cpu_map/x86_features.xml
+            - cpu_map is still monolithic downstream
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+Message-Id: <cb4f05c8c84ed910bcd4bceae58f6fd090684031.1576243094.git.jdenemar@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/cpu/cpu_map.xml | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
+index c2b3fca47a..9609ce71a7 100644
+--- a/src/cpu/cpu_map.xml
++++ b/src/cpu/cpu_map.xml
+@@ -501,6 +501,9 @@
+     <feature name='mds-no'>
+       <msr index='0x10a' edx='0x00000000' eax='0x00000020'/>
+     </feature>
++    <feature name='tsx-ctrl'>
++      <msr index='0x10a' edx='0x00000000' eax='0x00000080'/>
++    </feature>
+     <feature name='taa-no'>
+       <msr index='0x10a' edx='0x00000000' eax='0x00000100'/>
+     </feature>
+-- 
+2.24.0
+
diff --git a/SPECS/libvirt.spec b/SPECS/libvirt.spec
index ed2dd31..b4f6342 100644
--- a/SPECS/libvirt.spec
+++ b/SPECS/libvirt.spec
@@ -251,7 +251,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 4.5.0
-Release: 35.1%{?dist}%{?extra_release}
+Release: 35.2%{?dist}%{?extra_release}
 License: LGPLv2+
 URL: https://libvirt.org/
 
@@ -810,6 +810,8 @@ Patch546: libvirt-qemu-Drop-disabled-CPU-features-unknown-to-QEMU.patch
 Patch547: libvirt-cputest-Add-data-for-Ice-Lake-Server-CPU.patch
 Patch548: libvirt-cpu_map-Drop-pconfig-from-Icelake-Server-CPU-model.patch
 Patch549: libvirt-qemu-Fix-NULL-ptr-dereference-caused-by-qemuDomainDefFormatBufInternal.patch
+Patch550: libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MSR.patch
+Patch551: libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-MSR.patch
 
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -2721,6 +2723,10 @@ exit 0
 
 
 %changelog
+* Mon Dec 16 2019 Jiri Denemark <jdenemar@redhat.com> - 4.5.0-35.2.el8
+- cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR (CVE-2019-11135)
+- cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR (CVE-2019-11135)
+
 * Wed Nov 27 2019 Jiri Denemark <jdenemar@redhat.com> - 4.5.0-35.1.el8
 - cpu_conf: Pass policy to CPU feature filtering callbacks (rhbz#1775133, rhbz#1775134, rhbz#1775137)
 - qemuxml2*test: Add tests for Icelake-Server, -pconfig (rhbz#1775133, rhbz#1775134, rhbz#1775137)