diff --git a/SOURCES/kvm-Drop-bogus-IPv6-messages.patch b/SOURCES/kvm-Drop-bogus-IPv6-messages.patch
new file mode 100644
index 0000000..4d6c9ed
--- /dev/null
+++ b/SOURCES/kvm-Drop-bogus-IPv6-messages.patch
@@ -0,0 +1,48 @@
+From 202f3d96a327b1fd7f9f15a692b946e81e855456 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Tue, 19 Jan 2021 22:59:56 -0500
+Subject: [PATCH] Drop bogus IPv6 messages
+
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+Message-id: <20210119225956.1346483-2-jmaloy@redhat.com>
+Patchwork-id: 100693
+O-Subject: [RHEL-8.3.0.z qemu-kvm PATCH 1/1] Drop bogus IPv6 messages
+Bugzilla: 1939493
+RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+
+From: Ralf Haferkamp <rhafer@suse.com>
+
+Drop IPv6 message shorter than what's mentioned in the payload
+length header (+ the size of the IPv6 header). They're invalid an could
+lead to data leakage in icmp6_send_echoreply().
+
+(cherry picked from libslirp commit c7ede54cbd2e2b25385325600958ba0124e31cc0)
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
+Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
+---
+ slirp/src/ip6_input.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/slirp/src/ip6_input.c b/slirp/src/ip6_input.c
+index d9d2b7e9cd..0f2b17853a 100644
+--- a/slirp/src/ip6_input.c
++++ b/slirp/src/ip6_input.c
+@@ -49,6 +49,13 @@ void ip6_input(struct mbuf *m)
+         goto bad;
+     }
+ 
++    // Check if the message size is big enough to hold what's
++    // set in the payload length header. If not this is an invalid
++    // packet
++    if (m->m_len < ntohs(ip6->ip_pl) + sizeof(struct ip6)) {
++        goto bad;
++    }
++
+     /* check ip_ttl for a correct ICMP reply */
+     if (ip6->ip_hl == 0) {
+         icmp6_send_error(m, ICMP6_TIMXCEED, ICMP6_TIMXCEED_INTRANS);
+-- 
+2.27.0
+
diff --git a/SPECS/qemu-kvm.spec b/SPECS/qemu-kvm.spec
index 2ca1028..7642e3f 100644
--- a/SPECS/qemu-kvm.spec
+++ b/SPECS/qemu-kvm.spec
@@ -67,7 +67,7 @@ Obsoletes: %1-rhev
 Summary: QEMU is a machine emulator and virtualizer
 Name: qemu-kvm
 Version: 4.2.0
-Release: 34%{?dist}.4
+Release: 34%{?dist}.5
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 Epoch: 15
 License: GPLv2 and GPLv2+ and CC-BY
@@ -968,6 +968,8 @@ Patch405: kvm-virtiofsd-extract-lo_do_open-from-lo_open.patch
 Patch406: kvm-virtiofsd-optionally-return-inode-pointer-from-lo_do.patch
 # For bz#1919109 - CVE-2020-35517 virt:rhel/qemu-kvm: QEMU: virtiofsd: potential privileged host device access from guest [rhel-8.3.0.z]
 Patch407: kvm-virtiofsd-prevent-opening-of-special-files-CVE-2020-.patch
+# For bz#1939493 - CVE-2020-10756 virt:rhel/qemu-kvm: QEMU: slirp: networking out-of-bounds read information disclosure vulnerability [rhel-8.3.0.z] [rhel-8.3.0.z]
+Patch408: kvm-Drop-bogus-IPv6-messages.patch
 
 BuildRequires: wget
 BuildRequires: rpm-build
@@ -1903,6 +1905,11 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 
 
 %changelog
+* Mon Mar 22 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.2.0-34.el8_3.5
+- kvm-Drop-bogus-IPv6-messages.patch [bz#1939493]
+- Resolves: bz#1939493
+  (CVE-2020-10756 virt:rhel/qemu-kvm: QEMU: slirp: networking out-of-bounds read information disclosure vulnerability [rhel-8.3.0.z] [rhel-8.3.0.z])
+
 * Wed Feb 10 2021 Jon Maloy <jmaloy@redhat.com> - 4.2.0-34.el8_3.4
 - kvm-virtiofsd-extract-lo_do_open-from-lo_open.patch [bz#1919109]
 - kvm-virtiofsd-optionally-return-inode-pointer-from-lo_do.patch [bz#1919109]