diff --git a/SOURCES/0001-mpstat-incorrect-cpu-usage-iowait.patch b/SOURCES/0001-mpstat-incorrect-cpu-usage-iowait.patch
new file mode 100644
index 0000000..0c51ca9
--- /dev/null
+++ b/SOURCES/0001-mpstat-incorrect-cpu-usage-iowait.patch
@@ -0,0 +1,63 @@
+From 1f5949d4a6fcb33065dbb1d509f356db039998ed Mon Sep 17 00:00:00 2001
+From: Sebastien GODARD
+Date: Wed, 2 Sep 2020 19:04:04 +0200
+Subject: [PATCH] Workaround for iowait being decremented
+
+The iowait value reported by the kernel on NO_HZ systems can decrement
+as a result of inaccurate iowait tracking. Waiting on IO can be first
+accounted as iowait but then instead as idle.
+
+Function get_per_cpu_interval() considers iowait going backwards between
+two readings as a CPU coming back online and resets the iowait value of
+the first reading to 0. If iowait is decremented only because of
+inaccurate tracking, this causes that almost all time between the two
+readings is incorrectly recognized by sar as being spent in iowait.
+
+The patch updates the code in get_per_cpu_interval() to recognize this
+situation. If the iowait value between two readings decremented but the
+idle value did not then the code now considers it as a problem with the
+iowait reporting and corrects the first value according to the second
+reading. Otherwise, the code remains treating decremented iowait as a
+CPU coming back online.
+
+Fixes #14.
+
+Signed-off-by: Sebastien GODARD
+---
+ rd_stats.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/rd_stats.c b/rd_stats.c
+index 56d42d00..fb93f23f 100644
+--- a/rd_stats.c
++++ b/rd_stats.c
+@@ -440,12 +440,26 @@ unsigned long long get_per_cpu_interval(struct stats_cpu *scc,
+ * value was greater than ULLONG_MAX - 0x7ffff (the counter probably
+ * overflew).
+ */
++ if ((scc->cpu_iowait < scp->cpu_iowait) && (scp->cpu_iowait < (ULLONG_MAX - 0x7ffff))) {
++ /*
++ * The iowait value reported by the kernel can also decrement as
++ * a result of inaccurate iowait tracking. Waiting on IO can be
++ * first accounted as iowait but then instead as idle.
++ * Therefore if the idle value during the same period did not
++ * decrease then consider this is a problem with the iowait
++ * reporting and correct the previous value according to the new
++ * reading. Otherwise, treat this as CPU coming back online.
++ */
++ if ((scc->cpu_idle > scp->cpu_idle) || (scp->cpu_idle >= (ULLONG_MAX - 0x7ffff))) {
++ scp->cpu_iowait = scc->cpu_iowait;
++ }
++ else {
++ scp->cpu_iowait = 0;
++ }
++ }
+ if ((scc->cpu_idle < scp->cpu_idle) && (scp->cpu_idle < (ULLONG_MAX - 0x7ffff))) {
+ scp->cpu_idle = 0;
+ }
+- if ((scc->cpu_iowait < scp->cpu_iowait) && (scp->cpu_iowait < (ULLONG_MAX - 0x7ffff))) {
+- scp->cpu_iowait = 0;
+- }
+
+ /*
+ * Don't take cpu_guest and cpu_guest_nice into account
diff --git a/SOURCES/CVE-2023-33204.patch b/SOURCES/CVE-2023-33204.patch
new file mode 100644
index 0000000..c5afb4e
--- /dev/null
+++ b/SOURCES/CVE-2023-33204.patch
@@ -0,0 +1,23 @@
+From 954ff2e2673cef48f0ed44668c466eab041db387 Mon Sep 17 00:00:00 2001
+From: Pavel Kopylov
+Date: Wed, 17 May 2023 11:33:45 +0200
+Subject: [PATCH] Fix an overflow which is still possible for some values.
+diff --git a/common.c b/common.c
+index 583a0ca..6d73b1b 100644
+--- a/common.c
++++ b/common.c
+@@ -1639,9 +1639,11 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
+ */
+ void check_overflow(size_t val1, size_t val2, size_t val3)
+ {
+- if ((unsigned long long) val1 *
+- (unsigned long long) val2 *
+- (unsigned long long) val3 > UINT_MAX) {
++if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
++ (((unsigned long long)UINT_MAX / (unsigned long long)val1 <
++ (unsigned long long)val2) ||
++ ((unsigned long long)UINT_MAX / ((unsigned long long)val1 *
++ (unsigned long long)val2) < (unsigned long long)val3))) {
+ #ifdef DEBUG
+ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+ __FUNCTION__,
diff --git a/SPECS/sysstat.spec b/SPECS/sysstat.spec
index c77aeeb..e2c9299 100644
--- a/SPECS/sysstat.spec
+++ b/SPECS/sysstat.spec
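Review bot: In the rd_stats.c change carried by 0001-mpstat-incorrect-cpu-usage-iowait.patch, the inner test `scc->cpu_idle > scp->cpu_idle` is strict, while the comment directly above it and the commit message both say the correction applies when idle "did not decrease"; with an unchanged idle counter the code takes the `else` branch and zeroes `scp->cpu_iowait`, treating the sample as a CPU coming back online. Either make the test `>=` or reword the comment to "increased", since which of the two is intended cannot be told from the visible lines. The new block also reads `scp->cpu_idle` before the following statement may reset it to 0, so its placement ahead of the idle check matters; a short comment such as `/* Must stay before the cpu_idle reset below: this test needs the previous idle reading */` would keep a later reorder from silently changing the reported iowait. get_per_cpu_interval() begins and ends outside the hunk.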
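Review bot: The rewritten condition in check_overflow() (CVE-2023-33204.patch) is correct only because of evaluation order, and nothing in the code records that: the product `val1 * val2` inside the second division cannot wrap solely because the first `||` operand has already established that `val1 * val2 <= UINT_MAX`, and the three `!= 0` tests are what keep both divisions defined. A comment ahead of the `if`, for example `/* Division form: never builds a product that can wrap; zero operands cannot overflow and are skipped to avoid dividing by zero */`, would stop the check from being "simplified" back into a multiplication. As far as the collapsed whitespace on this page shows, the `if` line has also lost the indentation its continuation lines still carry. The `%llu` argument of the DEBUG `fprintf` lies outside the hunk; if it is still the three-way product, the logged value can itself wrap and should not be relied on when triaging an abort.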
@@ -1,7 +1,7 @@ Summary: Collection of performance monitoring tools for Linux Name: sysstat Version: 11.7.3 -Release: 9%{?dist} +Release: 11%{?dist} License: GPLv2+ Group: Applications/System URL: http://sebastien.godard.pagesperso-orange.fr/ @@ -19,7 +19,8 @@ Patch04: 0001-sadf-Fix-seg-fault-on-empty-data-files.patch Patch05: 0001-sar-Fix-typo-in-manual-page.patch Patch06: CVE-2022-39377-arithmetic-overflow-in-allocate-structures-on-32-bit-systems.patch Patch07: 0001-sadc-Add-a-f-flag-to-force-fdatasync-use.patch - +Patch08: 0001-mpstat-incorrect-cpu-usage-iowait.patch +Patch09: CVE-2023-33204.patch BuildRequires: gettext, lm_sensors-devel, systemd Requires: findutils, xz @@ -54,6 +55,8 @@ The cifsiostat command reports I/O statistics for CIFS file systems. %patch05 -p1 %patch06 -p1 %patch07 -p1 +%patch08 -p1 +%patch09 -p1 %build export CFLAGS="$RPM_OPT_FLAGS -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld" @@ -102,6 +105,12 @@ fi %{_localstatedir}/log/sa %changelog +* Fri Jul 07 2023 psimovec - 11.7.3-11 +- fix the arithmetic overflow in allocate_structures() that is still possible on some 32 bit systems (CVE-2023-33204) + +* Thu Mar 16 2023 Lukáš Zaoral - 11.7.3-10 +- Fix incorrect CPU usage on ALL CPU field for iowait in mpstat (#2178863) + * Wed Dec 14 2022 Lukáš Zaoral - 11.7.3-9 - add -f flag to force fdatasync() after sa file update (#2153192)