diff --git a/COPYING-6.12.0-124.55.3.el10 b/COPYING-6.12.0-124.56.5.el10
similarity index 100%
rename from COPYING-6.12.0-124.55.3.el10
rename to COPYING-6.12.0-124.56.5.el10
diff --git a/Makefile.rhelver b/Makefile.rhelver
index 98ed3cfa06..7d6f487d2a 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 1
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 124.55.1
+RHEL_RELEASE = 124.56.1
 #
 # RHEL_REBASE_NUM
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index d5f89f9ef2..7563e49041 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -338,10 +338,13 @@ ok:
 */
 smp_rmb();
 mm = task->mm;
- if (mm &&
- ((get_dumpable(mm) != SUID_DUMP_USER) &&
- !ptrace_has_cap(mm->user_ns, mode)))
- return -EPERM;
+ if (mm) {
+ if ((get_dumpable(mm) != SUID_DUMP_USER) &&
+ !ptrace_has_cap(mm->user_ns, mode))
+ return -EPERM;
+ } else if (!ptrace_has_cap(&init_user_ns, mode)) {
+ return -EPERM;
+ }
 return security_ptrace_access_check(task, mode);
 }
diff --git a/net/core/gro.c b/net/core/gro.c
index 0ad549b07e..1e7febabca 100644
--- a/net/core/gro.c
+++ b/net/core/gro.c
@@ -214,10 +214,12 @@ done:
 p->data_len += len;
 p->truesize += delta_truesize;
 p->len += len;
+ skb_shinfo(p)->flags |= skbinfo->flags & SKBFL_SHARED_FRAG;
 if (lp != p) {
 lp->data_len += len;
 lp->truesize += delta_truesize;
 lp->len += len;
+ skb_shinfo(lp)->flags |= skbinfo->flags & SKBFL_SHARED_FRAG;
 }
 NAPI_GRO_CB(skb)->same_flow = 1;
 return 0;
@@ -245,6 +247,8 @@ int skb_gro_receive_list(struct sk_buff *p, struct sk_buff *skb)
 p->truesize += skb->truesize;
 p->len += skb->len;
+ skb_shinfo(p)->flags |= skb_shinfo(skb)->flags & SKBFL_SHARED_FRAG;
+
 NAPI_GRO_CB(skb)->same_flow = 1;
 return 0;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 63f43658e6..f3f4a30e0a 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
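Review bot: The added `else if (!ptrace_has_cap(&init_user_ns, mode))` branch in the kernel/ptrace.c hunk changes the result for tasks with no `mm`, and no comment explains why. On the old side a NULL `mm` skipped the dumpable test and fell through to `security_ptrace_access_check()`; the new side returns `-EPERM` unless the caller holds the capability in `init_user_ns`. I would add a comment above `if (mm) {`, for example `/* No mm, so no dumpable state or owning user_ns to consult: require the capability in init_user_ns instead. */`. The enclosing function begins outside the hunk (only the `ok:` label is visible), so which callers see mm-less tasks, presumably kernel threads and tasks that have already dropped their mm, should be confirmed before settling on that wording.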
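Review bot: The expression `...->flags |= ...->flags & SKBFL_SHARED_FRAG` is open-coded at the `done:` label in net/core/gro.c for both `p` and `lp`, again in `skb_gro_receive_list()`, and in the three net/core/skbuff.c hunks (`__pskb_copy_fclone()`, the `onlymerged:` path, `skb_try_coalesce()`), none with a comment. A single static inline helper taking the destination and source `skb_shared_info` would keep the sites identical and make a missed merge path easier to spot in review. The sites are also not uniform: only `skb_try_coalesce()` guards the copy with `if (from_shinfo->nr_frags)`. OR-ing the bit unconditionally looks harmless, since it should only make a later writer copy, but a comment at the first site such as `/* merged frags may still be shared with their original owner; keep the marker so in-place writers copy first */` would record the intent. The surrounding functions start outside each hunk.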
@@ -2123,6 +2123,7 @@ struct sk_buff *__pskb_copy_fclone(struct sk_buff *skb, int headroom,
 skb_frag_ref(skb, i);
 }
 skb_shinfo(n)->nr_frags = i;
+ skb_shinfo(n)->flags |= skb_shinfo(skb)->flags & SKBFL_SHARED_FRAG;
 }
 if (skb_has_frag_list(skb)) {
@@ -4198,6 +4199,8 @@ onlymerged:
 tgt->ip_summed = CHECKSUM_PARTIAL;
 skb->ip_summed = CHECKSUM_PARTIAL;
+ skb_shinfo(tgt)->flags |= skb_shinfo(skb)->flags & SKBFL_SHARED_FRAG;
+
 skb_len_add(skb, -shiftlen);
 skb_len_add(tgt, shiftlen);
@@ -6028,6 +6031,8 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
 from_shinfo->frags,
 from_shinfo->nr_frags * sizeof(skb_frag_t));
 to_shinfo->nr_frags += from_shinfo->nr_frags;
+ if (from_shinfo->nr_frags)
+ to_shinfo->flags |= from_shinfo->flags & SKBFL_SHARED_FRAG;
 if (!skb_cloned(from))
 from_shinfo->nr_frags = 0;
diff --git a/net/rxrpc/io_thread.c b/net/rxrpc/io_thread.c
index 164f8f1b41..64f8d77b87 100644
--- a/net/rxrpc/io_thread.c
+++ b/net/rxrpc/io_thread.c
@@ -235,18 +235,16 @@ static bool rxrpc_input_packet(struct rxrpc_local *local, struct sk_buff **_skb)
 * decryption.
 */
 if (sp->hdr.securityIndex != 0) {
- if (skb_cloned(skb) || skb->data_len) {
- struct sk_buff *nskb = skb_copy(skb, GFP_ATOMIC);
-
- if (!nskb) {
- rxrpc_eaten_skb(*_skb, rxrpc_skb_eaten_by_unshare_nomem);
- return just_discard;
- }
+ skb = skb_unshare(skb, GFP_ATOMIC);
+ if (!skb) {
+ rxrpc_eaten_skb(*_skb, rxrpc_skb_eaten_by_unshare_nomem);
+ *_skb = NULL;
+ return just_discard;
+ }
+ if (skb != *_skb) {
 rxrpc_eaten_skb(*_skb, rxrpc_skb_eaten_by_unshare);
- consume_skb(*_skb);
- *_skb = nskb;
- skb = nskb;
+ *_skb = skb;
 rxrpc_new_skb(skb, rxrpc_skb_new_unshared);
 sp = rxrpc_skb(skb);
 }
diff --git a/redhat/kernel.changelog-10.1 b/redhat/kernel.changelog-10.1
index 6f2de287cb..936a35d16b 100644
--- a/redhat/kernel.changelog-10.1
+++ b/redhat/kernel.changelog-10.1
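Review bot: In `rxrpc_input_packet()` the new `skb_unshare(skb, GFP_ATOMIC)` call drops the `skb->data_len` half of the removed test `if (skb_cloned(skb) || skb->data_len)`. As far as I know `skb_unshare()` copies only when the skb is cloned, so an uncloned skb that carries paged fragments would now reach the decryption step named in the comment above without a private copy. The net/core hunks in this same diff propagate `SKBFL_SHARED_FRAG`, presumably so consumers can tell when frags must not be written in place, yet this path does not consult it. I would keep a copy for that case, for example by gating on `skb_cloned(skb) || skb_has_shared_frag(skb)` (or the previous `skb->data_len` test) before decrypting. The function continues outside the hunk, so whether the security ops later make their own copy cannot be confirmed from here.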
@@ -1,3 +1,7 @@
+* Sat May 09 2026 CKI KWF Bot [6.12.0-124.56.1.el10_1]
+- xfrm: esp: avoid in-place decrypt on shared skb frags (CKI Backport Bot) [RHEL-174548] {CVE-2026-43284}
+Resolves: RHEL-174548
+
 * Sat May 02 2026 CKI KWF Bot [6.12.0-124.55.1.el10_1]
 - crypto: algif_aead - snapshot IV for async AEAD requests (Vladislav Dronov) [RHEL-172211]
 - crypto: algif_aead - Fix minimum RX size check for decryption (Vladislav Dronov) [RHEL-172211]
diff --git a/uki-addons.sbat b/uki-addons.sbat
index efa71d9278..25f1c226ec 100644
--- a/uki-addons.sbat
+++ b/uki-addons.sbat
@@ -1,3 +1,3 @@
 sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
-kernel-uki-virt-addons.centos,1,Red Hat,kernel-uki-virt-addons,6.12.0-124.55.3.el10.x86_64,mailto:secalert@redhat.com
-kernel-uki-virt-addons.almalinux,1,AlmaLinux,kernel-uki-virt-addons,6.12.0-124.55.3.el10.x86_64,mailto:security@almalinux.org
+kernel-uki-virt-addons.centos,1,Red Hat,kernel-uki-virt-addons,6.12.0-124.56.5.el10.x86_64,mailto:secalert@redhat.com
+kernel-uki-virt-addons.almalinux,1,AlmaLinux,kernel-uki-virt-addons,6.12.0-124.56.5.el10.x86_64,mailto:security@almalinux.org
diff --git a/uki.sbat b/uki.sbat
index 5645d8332a..b976252969 100644
--- a/uki.sbat
+++ b/uki.sbat
@@ -1,3 +1,3 @@
 sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
-kernel-uki-virt.centos,1,Red Hat,kernel-uki-virt,6.12.0-124.55.3.el10.x86_64,mailto:secalert@redhat.com
-kernel-uki-virt.almalinux,1,AlmaLinux,kernel-uki-virt,6.12.0-124.55.3.el10.x86_64,mailto:security@almalinux.org
+kernel-uki-virt.centos,1,Red Hat,kernel-uki-virt,6.12.0-124.56.5.el10.x86_64,mailto:secalert@redhat.com
+kernel-uki-virt.almalinux,1,AlmaLinux,kernel-uki-virt,6.12.0-124.56.5.el10.x86_64,mailto:security@almalinux.org