diff --git a/Makefile-fix-build-with-binutils-2.38.patch b/Makefile-fix-build-with-binutils-2.38.patch
new file mode 100644
index 00000000..9b16faae
--- /dev/null
+++ b/Makefile-fix-build-with-binutils-2.38.patch
@@ -0,0 +1,57 @@
+From: Aurelien Jarno
+Date: Fri, 28 Jan 2022 18:33:46 +0100
+Subject: Makefile: fix build with binutils 2.38
+
+Git-commit: 5d53b55aa77ffeefd4012445dfa6ad3535e1ff2c
+
+From version 2.38, binutils default to ISA spec version 20191213. This
+means that the csr read/write (csrr*/csrw*) instructions and fence.i
+instruction has separated from the `I` extension, become two standalone
+extensions: Zicsr and Zifencei. As the kernel uses those instruction,
+this causes the following build failure:
+
+ CC lib/sbi/sbi_tlb.o
+<>/lib/sbi/sbi_tlb.c: Assembler messages:
+<>/lib/sbi/sbi_tlb.c:190: Error: unrecognized opcode `fence.i'
+make: *** [Makefile:431: <>/build/lib/sbi/sbi_tlb.o] Error 1
+
+The fix is to specify those extensions explicitly in -march. However as
+older binutils version do not support this, we first need to detect
+that.
+
+Signed-off-by: Aurelien Jarno
+Reviewed-by: Bin Meng
+Tested-by: Alexandre Ghiti
+Reviewed-by: Anup Patel
+Signed-off-by: Dario Faggioli
+---
+ Makefile | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/roms/opensbi/Makefile b/roms/opensbi/Makefile
+index d6f097d30af78c0fba92eeeec523..a294f46fa8e16caec64d5a88c2a2 100644
+--- a/roms/opensbi/Makefile
++++ b/roms/opensbi/Makefile
+@@ -106,6 +106,9 @@ ifndef PLATFORM_RISCV_XLEN
+ endif
+ endif
+
++# Check whether the assembler and the compiler support the Zicsr and Zifencei extensions
++CC_SUPPORT_ZICSR_ZIFENCEI := $(shell $(CC) $(CLANG_TARGET) $(RELAX_FLAG) -nostdlib -march=rv$(OPENSBI_CC_XLEN)imafd_zicsr_zifencei -x c /dev/null -o /dev/null 2>&1 | grep "zicsr\|zifencei" > /dev/null && echo n || echo y)
++
+ # Setup list of objects.mk files
+ ifdef PLATFORM
+ platform-object-mks=$(shell if [ -d $(platform_src_dir)/ ]; then find $(platform_src_dir) -iname "objects.mk" | sort -r; fi)
+@@ -157,7 +160,11 @@ ifndef PLATFORM_RISCV_ABI
+ endif
+ ifndef PLATFORM_RISCV_ISA
+ ifneq ($(PLATFORM_RISCV_TOOLCHAIN_DEFAULT), 1)
+- PLATFORM_RISCV_ISA = rv$(PLATFORM_RISCV_XLEN)imafdc
++ ifeq ($(CC_SUPPORT_ZICSR_ZIFENCEI), y)
++ PLATFORM_RISCV_ISA = rv$(PLATFORM_RISCV_XLEN)imafdc_zicsr_zifencei
++ else
++ PLATFORM_RISCV_ISA = rv$(PLATFORM_RISCV_XLEN)imafdc
++ endif
+ else
+ PLATFORM_RISCV_ISA = $(OPENSBI_CC_ISA)
+ endif
diff --git a/bundles.tar.xz b/bundles.tar.xz
index ab019c31..9fd38454 100644
--- a/bundles.tar.xz
+++ b/bundles.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:0dcea7c34fdbef6dc0537f15260f037d6c3e3513315749018555dfbf45745691
-size 76160
+oid sha256:15c93c65a944d8c0bfb4e22bbc9b0cdcca5b380f6e93e41d750b4c149bee72aa
+size 78080
diff --git a/hw-scsi-megasas-check-for-NULL-frame-in-.patch b/hw-scsi-megasas-check-for-NULL-frame-in-.patch
new file mode 100644
index 00000000..9c62c48a
--- /dev/null
+++ b/hw-scsi-megasas-check-for-NULL-frame-in-.patch
@@ -0,0 +1,31 @@
+From: Mauro Matteo Cascella
+Date: Mon, 7 Mar 2022 16:22:01 +0100
+Subject: hw/scsi/megasas: check for NULL frame in megasas_command_cancelled()
+
+Git-commit: 00000000000000000000000000000000000000000000
+References: bsc#1180432, CVE-2020-35503
+
+Ensure that 'cmd->frame' is not NULL before accessing the 'header' field.
+This check prevents a potential NULL pointer dereference issue.
+
+RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
+Signed-off-by: Mauro Matteo Cascella
+Reported-by: Cheolwoo Myung
+Signed-off-by: Dario Faggioli
+---
+ hw/scsi/megasas.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 4ff51221d4cd0952d9394b8f66b1..07b2b08bf2866907acf0a2b4450c 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -1891,7 +1891,7 @@ static void megasas_command_cancelled(SCSIRequest *req)
+ {
+ MegasasCmd *cmd = req->hba_private;
+
+- if (!cmd) {
++ if (!cmd || !cmd->frame) {
+ return;
+ }
+ cmd->frame->header.cmd_status = MFI_STAT_SCSI_IO_FAILED;
diff --git a/qemu.changes b/qemu.changes
index 194ec94d..6a582763 100644
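Review bot: The `CC_SUPPORT_ZICSR_ZIFENCEI` probe added to roms/opensbi/Makefile fails open: it yields `y` whenever the compiler output does not mention zicsr or zifencei, and that includes `$(CC)` failing for an unrelated reason, because only the grep result is tested and never the compiler's exit status. The build then gets `_zicsr_zifencei` appended to `-march` without the toolchain having been shown to accept it. A comment above the assignment should state this default, for example `# Defaults to y unless the toolchain output names zicsr/zifencei as unsupported`. The `\|` alternation in `grep "zicsr\|zifencei"` is also a GNU extension to basic regular expressions, and `grep -E "zicsr|zifencei"` is the portable spelling.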
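Review bot: The new `!cmd->frame` guard in megasas_command_cancelled() returns silently, and nothing in the code records why a request can reach the cancel callback with a NULL frame. A comment above the check, such as `/* cmd->frame can be NULL here (CVE-2020-35503); there is no status to update */`, would keep the guard from later being removed as dead code. The patch header carries an all-zero Git-commit, which suggests the fix does not correspond to an upstream commit, so it will need re-checking on each rebase. Whether other paths that dereference `cmd->frame` need the same check cannot be told from this hunk, since the function body continues outside it.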
--- a/qemu.changes +++ b/qemu.changes @@ -1,5 +1,5 @@ ------------------------------------------------------------------- -Tue Mar 1 16:58:31 UTC 2022 - Dario Faggioli +Mon Mar 7 15:45:42 UTC 2022 - Dario Faggioli - Build PPC firmwares from sources on non-PPC builds as well (bsc#1193545) @@ -8,6 +8,15 @@ Tue Mar 1 16:58:31 UTC 2022 - Dario Faggioli logic and code * Patches added: Makefile-define-endianess-for-cross-buil.patch + Makefile-fix-build-with-binutils-2.38.patch + +------------------------------------------------------------------- +Mon Mar 7 14:14:18 UTC 2022 - Dario Faggioli + +- qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host + bus adapter (bsc#1180432, CVE-2020-35503) +* Patches added: + hw-scsi-megasas-check-for-NULL-frame-in-.patch ------------------------------------------------------------------- Fri Feb 18 18:39:54 UTC 2022 - Dario Faggioli diff --git a/qemu.spec b/qemu.spec index d1a69099..d91df197 100644 --- a/qemu.spec +++ b/qemu.spec @@ -214,6 +214,7 @@ Patch00067: iotest-214-explicit-compression-type.patch Patch00068: iotests-declare-lack-of-support-for-comp.patch Patch00069: block-backend-Retain-permissions-after-m.patch Patch00070: virtiofsd-Drop-membership-of-all-supplem.patch +Patch00071: hw-scsi-megasas-check-for-NULL-frame-in-.patch # Patches applied in roms/seabios/: Patch01000: seabios-use-python2-explicitly-as-needed.patch Patch01001: seabios-switch-to-python3-as-needed.patch @@ -231,6 +232,8 @@ Patch03001: roms-sgabios-Fix-csum8-to-be-built-by-ho.patch Patch05000: Makefile-define-endianess-for-cross-buil.patch # Patches applied in roms/qboot/: Patch11000: qboot-add-cross.ini-file-to-handle-aarch.patch +# Patches applied in roms/opensbi/: +Patch13000: Makefile-fix-build-with-binutils-2.38.patch # Patches applied in roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/: Patch27000: brotli-fix-actual-variable-array-paramet.patch 
@@ -1202,6 +1205,7 @@ This package records qemu testsuite results and represents successful testing. %patch00068 -p1 %patch00069 -p1 %patch00070 -p1 +%patch00071 -p1 %patch01000 -p1 %patch01001 -p1 %patch01002 -p1 @@ -1216,6 +1220,7 @@ This package records qemu testsuite results and represents successful testing. %patch03001 -p1 %patch05000 -p1 %patch11000 -p1 +%patch13000 -p1 %patch27000 -p1 %if "%{name}" != "qemu-linux-user"