diff --git a/kernel.spec b/kernel.spec
index 8a0a9f7..9e5157e 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.122.1.rt7.463.el8_10
+%define pkgrelease 553.123.1.rt7.464.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.122.1.rt7.463%{?dist}
+%define specrelease 553.123.1.rt7.464%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .463
+%global rtbuild .464
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2710,6 +2710,19 @@ fi
 #
 #
 %changelog
+* Mon May 04 2026 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.123.1.rt7.464.el8_10]
+- crypto: algif_aead - snapshot IV for async AEAD requests (Herbert Xu) [RHEL-172187]
+- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [RHEL-172187]
+- crypto: authencesn - reject short ahash digests during instance creation (Herbert Xu) [RHEL-172187]
+- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [RHEL-172187]
+- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [RHEL-172187] {CVE-2026-31431}
+- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (Herbert Xu) [RHEL-172187] {CVE-2026-23060}
+- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [RHEL-172187]
+- crypto: af_alg - limit RX SG extraction by receive buffer budget (Herbert Xu) [RHEL-172187] {CVE-2026-31677}
+- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [RHEL-172187] {CVE-2026-31431}
+- crypto: af-alg - fix NULL pointer dereference in scatterwalk (Herbert Xu) [RHEL-172187]
+- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (Paolo Bonzini) [RHEL-153727] {CVE-2026-23401}
+
 * Fri Apr 24 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.122.1.rt7.463.el8_10]
 - nvme: avoid double free special payload (Maurizio Lombardi) [RHEL-51303] {CVE-2024-41073}
 - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CKI Backport Bot) [RHEL-166921] {CVE-2025-68724}
diff --git a/sources b/sources
index 5f3c1e5..994e0ad 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (linux-4.18.0-553.122.1.rt7.463.el8_10.tar.xz) = 007b7cb7919a4c5c4b4d5bc7ef672fc1aeb774217ffe0281939823cebee89678cce935ec18f70ddf463f0e1a0561cde27b0b30d432eac7f0dfedb12800a55e77
+SHA512 (linux-4.18.0-553.123.1.rt7.464.el8_10.tar.xz) = 98a8cb019ec0a340ec528651d97ddc8d2df1515ea5c37927af3a38d97fc9a2a84134bcb4fda3220c42954ed6e2d263f7182ccbe16569acd25c262ce16489e426