diff --git a/0046-add-primary-group-to-additional-groups.patch b/0046-add-primary-group-to-additional-groups.patch
new file mode 100644
index 0000000..1591920
--- /dev/null
+++ b/0046-add-primary-group-to-additional-groups.patch
@@ -0,0 +1,31 @@
+From d1527a3b8405d92f638c46c8250f2636ba18c644 Mon Sep 17 00:00:00 2001
+From: zhangxiaoyu
+Date: Fri, 25 Nov 2022 16:22:47 +0800
+Subject: [PATCH] add primary group to additional groups
+
+Signed-off-by: zhangxiaoyu
+---
+ src/daemon/modules/image/image_rootfs_handler.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c
+index 842c1dd3..a76363d0 100644
+--- a/src/daemon/modules/image/image_rootfs_handler.c
++++ b/src/daemon/modules/image/image_rootfs_handler.c
+@@ -546,6 +546,13 @@ int get_user_from_image_roofs(const char *basefs, const host_config *hc, const c
+ }
+ }
+
++ // CVE-2022-36109
++ // add primary group to additional groups
++ ret = append_additional_gids(puser->gid, &puser->additional_gids, &puser->additional_gids_len);
++ if (ret != 0) {
++ goto cleanup;
++ }
++
+ cleanup:
+ if (f_passwd != NULL) {
+ fclose(f_passwd);
+--
+2.25.1
+
diff --git a/iSulad.spec b/iSulad.spec
index 6816fc3..92cd488 100644
--- a/iSulad.spec
+++ b/iSulad.spec
@@ -1,5 +1,5 @@
 %global _version 2.0.17
-%global _release 8
+%global _release 9
 %global is_systemd 1
 %global enable_shimv2 1
 %global is_embedded 1
@@ -58,6 +58,7 @@ Patch0042: 0042-isula-usage-consistency-optimization.patch
 Patch0043: 0043-fix-do-container_unref-in-oci_rootfs_clean.patch
 Patch0044: 0044-fix-can-not-install-isulad-rpm-because-of-spec.patch
 Patch0045: 0045-remove-unknown-option-wno-maybe-uninitialized.patch
+Patch0046: 0046-add-primary-group-to-additional-groups.patch
 %ifarch x86_64 aarch64
 Provides: libhttpclient.so()(64bit)
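Review bot: The comment added in get_user_from_image_roofs (in 0046-add-primary-group-to-additional-groups.patch) names only the CVE and does not state the invariant being enforced. Something like `/* CVE-2022-36109: the primary gid must also be in the supplementary group list, otherwise primary-group restrictions may not be applied as intended */` would tell a maintainer why the call must not be moved or dropped. The call sits directly above `cleanup:` and the rest of the function lies outside this hunk, so it is worth confirming that no earlier successful path jumps to `cleanup` and skips it, and that `append_additional_gids` tolerates a gid already in the list. The failure branch returns without a log line, and the patch's diffstat shows one source file and no test; a case asserting that `puser->gid` appears in `additional_gids` would guard against regression. The iSulad.spec changelog entry for 2.0.17-9 records `ID: NA`, so the CVE reference is visible only in this source comment.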
@@ -284,6 +285,12 @@ fi
 %endif
 %changelog
+* Fri Nov 25 2022 zhangxiaoyu - 2.0.17-9
+- Type: bugfix
+- ID: NA
+- SUG: NA
+- DESC: add primary group to additional groups
+
 * Mon Nov 21 2022 zhangxiaoyu - 2.0.17-8
 - Type: bugfix
 - ID: NA