diff --git a/0001-mbimcli-intel-tools-parse-trace-command-value-in-a-m.patch b/0001-mbimcli-intel-tools-parse-trace-command-value-in-a-m.patch
new file mode 100644
index 0000000..1116172
--- /dev/null
+++ b/0001-mbimcli-intel-tools-parse-trace-command-value-in-a-m.patch
@@ -0,0 +1,53 @@
+From 87e606a20037b5730aeac6971c6a9a6c2de3cbf8 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Thu, 23 May 2024 00:03:53 +0200
+Subject: [PATCH 1/2] mbimcli-intel-tools: parse trace command & value in a
+ more straightforward way
+
+Don't conditionalize setting trace_command and trace_value on split
+substrings being non-NULL. It makes a static analysis tool think they
+might be used uninitialized. That can-not happen, because the substrings
+can in fact never be NULL.
+
+Let's keep the check in form of an assert (perhaps to guard against
+a possible glib bug, etc.).
+
+(cherry picked from commit 65d02fc647c42b7c743690c769d4bc2c6f2a69c9)
+---
+ src/mbimcli/mbimcli-intel-tools.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/src/mbimcli/mbimcli-intel-tools.c b/src/mbimcli/mbimcli-intel-tools.c
+index 9faab2b..8ab47c7 100644
+--- a/src/mbimcli/mbimcli-intel-tools.c
++++ b/src/mbimcli/mbimcli-intel-tools.c
+@@ -203,18 +203,16 @@ mbimcli_intel_tools_run (MbimDevice   *device,
+             return;
+         }
+ 
+-        if (split[0]) {
+-            if (!mbimcli_read_trace_command_from_string (split[0], &trace_command)) {
+-                g_printerr ("error: couldn't parse input string, invalid trace command '%s'\n", split[0]);
+-                return;
+-            }
++        g_return_if_fail (split[0] && split[1]);
++
++        if (!mbimcli_read_trace_command_from_string (split[0], &trace_command)) {
++            g_printerr ("error: couldn't parse input string, invalid trace command '%s'\n", split[0]);
++            return;
+         }
+ 
+-        if (split[1]) {
+-            if (!mbimcli_read_uint_from_string (split[1], &trace_value)) {
+-                g_printerr ("error: couldn't parse input string, invalid trace value '%s'\n", split[1]);
+-                return;
+-            }
++        if (!mbimcli_read_uint_from_string (split[1], &trace_value)) {
++            g_printerr ("error: couldn't parse input string, invalid trace value '%s'\n", split[1]);
++            return;
+         }
+ 
+         g_debug ("Asynchronously setting trace info...");
+-- 
+2.45.2
+
diff --git a/0002-mbimcli-intel-thermal-rf-fix-a-potential-mem-leak-in.patch b/0002-mbimcli-intel-thermal-rf-fix-a-potential-mem-leak-in.patch
new file mode 100644
index 0000000..e3c0f4a
--- /dev/null
+++ b/0002-mbimcli-intel-thermal-rf-fix-a-potential-mem-leak-in.patch
@@ -0,0 +1,45 @@
+From 63be2092ffb232fc646d4237e52fd1f0cf99e07f Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Wed, 22 May 2024 17:49:17 +0200
+Subject: [PATCH 2/2] mbimcli-intel-thermal-rf: fix a potential mem leak in
+ query_rfim_ready()
+
+These were autofree'd on function return, but can actually be assigned
+new allocations on each inner loop interation. Move them inside the
+loop.
+
+(cherry picked from commit 9c42e9d1d6d124907dc17e77a97d2a3023552f1e)
+---
+ src/mbimcli/mbimcli-intel-thermal-rf.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/mbimcli/mbimcli-intel-thermal-rf.c b/src/mbimcli/mbimcli-intel-thermal-rf.c
+index 04f477e..901e7aa 100644
+--- a/src/mbimcli/mbimcli-intel-thermal-rf.c
++++ b/src/mbimcli/mbimcli-intel-thermal-rf.c
+@@ -125,10 +125,6 @@ query_rfim_ready (MbimDevice   *device,
+     g_autoptr(GError)                 error = NULL;
+     guint32                           element_count;
+     MbimIntelRfimFrequencyValueArray *rfim_frequency;
+-    g_autofree gchar                 *rssi_str = NULL;
+-    g_autofree gchar                 *sinr_str = NULL;
+-    g_autofree gchar                 *rsrq_str = NULL;
+-    g_autofree gchar                 *rsrp_str = NULL;
+ 
+     response = mbim_device_command_finish (device, res, &error);
+     if (!response || !mbim_message_response_get_result (response, MBIM_MESSAGE_TYPE_COMMAND_DONE, &error)) {
+@@ -151,6 +147,11 @@ query_rfim_ready (MbimDevice   *device,
+              element_count);
+ 
+     for (i = 0; i < element_count; i++) {
++        g_autofree gchar *rssi_str = NULL;
++        g_autofree gchar *sinr_str = NULL;
++        g_autofree gchar *rsrq_str = NULL;
++        g_autofree gchar *rsrp_str = NULL;
++
+         if (rfim_frequency[i]->rssi <= 31)
+             rssi_str = g_strdup_printf ("%d dBm", -113 + (2 * rfim_frequency[i]->rssi));
+         else
+-- 
+2.45.2
+
diff --git a/libmbim.spec b/libmbim.spec
index 3818be7..42e2908 100644
--- a/libmbim.spec
+++ b/libmbim.spec
@@ -1,11 +1,16 @@
 Name: libmbim
 Version: 1.30.0
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Support library for the Mobile Broadband Interface Model protocol
 License: LGPL-2.1-or-later
 URL: https://gitlab.freedesktop.org/mobile-broadband/libmbim/
 Source: https://gitlab.freedesktop.org/mobile-broadband/libmbim/-/archive/%{version}/%{name}-%{version}.tar.bz2
 
+# Both of these are picked from upstream mbim-1-30 branch post 1.30.0.
+# Will be dropped when we rebase to a later version.
+Patch0: 0001-mbimcli-intel-tools-parse-trace-command-value-in-a-m.patch
+Patch1: 0002-mbimcli-intel-thermal-rf-fix-a-potential-mem-leak-in.patch
+
 BuildRequires: meson >= 0.53
 BuildRequires: gcc
 BuildRequires: glib2-devel >= 2.56
@@ -92,6 +97,9 @@ cp -a src/mbimcli/mbimcli %{buildroot}%{_datadir}/bash-completion/completions/
 
 
 %changelog
+* Tue Jun 25 2024 Lubomir Rintel <lkundrak@v3.sk> - 1.30.0-5
+- Add patches for a pair of bugs that make static analysis unhappy (RHEL-38475)
+
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.30.0-4
 - Bump release for June 2024 mass rebuild