diff --git a/0037-chardev-baum-fix-baum-that-releases.patch b/0037-chardev-baum-fix-baum-that-releases.patch
new file mode 100644
index 00000000..a1f581bf
--- /dev/null
+++ b/0037-chardev-baum-fix-baum-that-releases.patch
@@ -0,0 +1,34 @@
+From f7693dc747607758e80f9b3e506105461f4455bb Mon Sep 17 00:00:00 2001
+From: Liang Yan <lyan@suse.com>
+Date: Fri, 22 Sep 2017 18:55:33 -0400
+Subject: [PATCH] chardev/baum: fix baum that releases brlapi twice
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Error process of baum_chr_open needs to set brlapi null, so it won't
+get released twice in char_braille_finalize, which will cause
+"/usr/bin/qemu-system-x86_64: double free or corruption (!prev)"
+
+Signed-off-by: Liang Yan <lyan@suse.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+(cherry picked from commit 98e8790326d732fc79f0c133d9658f4761ba9cb7)
+[LY: BSC#1060045]
+Signed-off-by: Liang Yan <lyan@suse.com>
+---
+ chardev/baum.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/chardev/baum.c b/chardev/baum.c
+index 302dd9666c..67fd783a59 100644
+--- a/chardev/baum.c
++++ b/chardev/baum.c
+@@ -643,6 +643,7 @@ static void baum_chr_open(Chardev *chr,
+         error_setg(errp, "brlapi__openConnection: %s",
+                    brlapi_strerror(brlapi_error_location()));
+         g_free(handle);
++        baum->brlapi = NULL;
+         return;
+     }
+     baum->deferred_init = 0;
diff --git a/qemu-linux-user.changes b/qemu-linux-user.changes
index 6a4fb9e8..f70fcbd7 100644
--- a/qemu-linux-user.changes
+++ b/qemu-linux-user.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Sep 28 17:31:36 UTC 2017 - lyan@suse.com
+
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10
+* Patches added:
+  0037-chardev-baum-fix-baum-that-releases.patch
+
 -------------------------------------------------------------------
 Thu Sep 21 21:41:08 UTC 2017 - brogers@suse.com
 
diff --git a/qemu-linux-user.spec b/qemu-linux-user.spec
index 88d0a036..3314879e 100644
--- a/qemu-linux-user.spec
+++ b/qemu-linux-user.spec
@@ -62,6 +62,7 @@ Patch0033:      0033-tests-Add-scsi-disk-test.patch
 Patch0034:      0034-slirp-fix-clearing-ifq_so-from-pend.patch
 Patch0035:      0035-s390-ccw-Fix-alignment-for-CCW1.patch
 Patch0036:      0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch
+Patch0037:      0037-chardev-baum-fix-baum-that-releases.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 Source400:      update_git.sh
@@ -151,6 +152,7 @@ run cross-architecture builds.
 %patch0034 -p1
 %patch0035 -p1
 %patch0036 -p1
+%patch0037 -p1
 
 %build
 ./configure \
diff --git a/qemu-testsuite.changes b/qemu-testsuite.changes
index a84b2a96..11b8eaa6 100644
--- a/qemu-testsuite.changes
+++ b/qemu-testsuite.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Sep 28 17:31:33 UTC 2017 - lyan@suse.com
+
+- Fix baum that release brlapi twice (bsc#1060045)
+  0037-chardev-baum-fix-baum-that-releases.patch
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10
+
 -------------------------------------------------------------------
 Thu Sep 21 21:41:05 UTC 2017 - brogers@suse.com
 
diff --git a/qemu-testsuite.spec b/qemu-testsuite.spec
index b0fc30fb..6321a082 100644
--- a/qemu-testsuite.spec
+++ b/qemu-testsuite.spec
@@ -168,6 +168,7 @@ Patch0033:      0033-tests-Add-scsi-disk-test.patch
 Patch0034:      0034-slirp-fix-clearing-ifq_so-from-pend.patch
 Patch0035:      0035-s390-ccw-Fix-alignment-for-CCW1.patch
 Patch0036:      0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch
+Patch0037:      0037-chardev-baum-fix-baum-that-releases.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 
@@ -853,6 +854,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0034 -p1
 %patch0035 -p1
 %patch0036 -p1
+%patch0037 -p1
 
 pushd roms/ipxe
 %patch1100 -p1
diff --git a/qemu.changes b/qemu.changes
index a84b2a96..11b8eaa6 100644
--- a/qemu.changes
+++ b/qemu.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Sep 28 17:31:33 UTC 2017 - lyan@suse.com
+
+- Fix baum that release brlapi twice (bsc#1060045)
+  0037-chardev-baum-fix-baum-that-releases.patch
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10
+
 -------------------------------------------------------------------
 Thu Sep 21 21:41:05 UTC 2017 - brogers@suse.com
 
diff --git a/qemu.spec b/qemu.spec
index e5b454ff..242a01ec 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -168,6 +168,7 @@ Patch0033:      0033-tests-Add-scsi-disk-test.patch
 Patch0034:      0034-slirp-fix-clearing-ifq_so-from-pend.patch
 Patch0035:      0035-s390-ccw-Fix-alignment-for-CCW1.patch
 Patch0036:      0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch
+Patch0037:      0037-chardev-baum-fix-baum-that-releases.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 
@@ -853,6 +854,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0034 -p1
 %patch0035 -p1
 %patch0036 -p1
+%patch0037 -p1
 
 pushd roms/ipxe
 %patch1100 -p1