diff --git a/SOURCES/0001-Fix-XChangeFeedbackControl-request-underflow.patch b/SOURCES/0001-Fix-XChangeFeedbackControl-request-underflow.patch
new file mode 100644
index 0000000..3d4f0a4
--- /dev/null
+++ b/SOURCES/0001-Fix-XChangeFeedbackControl-request-underflow.patch
@@ -0,0 +1,35 @@
+From 7aaf54a1884f71dc363f0b884e57bcb67407a6cd Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Sun, 21 Mar 2021 18:38:57 +0100
+Subject: [PATCH] Fix XChangeFeedbackControl() request underflow
+
+CVE-2021-3472 / ZDI-CAN-1259
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+---
+ Xi/chgfctl.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/Xi/chgfctl.c b/Xi/chgfctl.c
+index 1de4da9ef..7a597e43d 100644
+--- a/Xi/chgfctl.c
++++ b/Xi/chgfctl.c
+@@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr client)
+         break;
+     case StringFeedbackClass:
+     {
+-        xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
++        xStringFeedbackCtl *f;
+ 
++        REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
++                                    sizeof(xStringFeedbackCtl));
++        f = ((xStringFeedbackCtl *) &stuff[1]);
+         if (client->swapped) {
+             if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
+                 return BadLength;
+-- 
+2.25.4
+
diff --git a/SPECS/xorg-x11-server.spec b/SPECS/xorg-x11-server.spec
index 9a0147a..6992236 100644
--- a/SPECS/xorg-x11-server.spec
+++ b/SPECS/xorg-x11-server.spec
@@ -42,7 +42,7 @@
 Summary:   X.Org X11 X server
 Name:      xorg-x11-server
 Version:   1.20.4
-Release:   15%{?gitdate:.%{gitdate}}%{?dist}
+Release:   16%{?gitdate:.%{gitdate}}%{?dist}
 URL:       http://www.x.org
 License:   MIT
 Group:     User Interface/X
@@ -150,6 +150,8 @@ Patch10005: 0001-fix-for-ZDI-11426.patch
 Patch10006: 0001-Fix-XkbSetDeviceInfo-and-SetDeviceIndicators-heap-ov.patch
 # CVE-2020-14360
 Patch10007: 0002-Check-SetMap-request-length-carefully.patch
+# CVE-2021-3472
+Patch10008: 0001-Fix-XChangeFeedbackControl-request-underflow.patch
 
 %global moduledir	%{_libdir}/xorg/modules
 %global drimoduledir	%{_libdir}/dri
@@ -632,6 +634,9 @@ rm -rf $RPM_BUILD_ROOT
 %{xserver_source_dir}
 
 %changelog
+* Mon May 10 2021 Adam Jackson <ajax@redhat.com> - 1.20.4-16
+- CVE fix for: CVE-2021-3472 (#1944956)
+
 * Thu Dec 10 2020 Olivier Fourdan <ofourdan@redhat.com> - 1.20.4-15
 - CVE fix for: CVE-2020-25712 (#1904937), CVE-2020-14360 (#1904934)