diff --git a/.gitignore b/.gitignore
index 76ee150..ec3385a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 SOURCES/centossecureboot201.cer
 SOURCES/centossecurebootca2.cer
-SOURCES/linux-4.18.0-553.79.1.rt7.420.el8_10.tar.xz
+SOURCES/linux-4.18.0-553.80.1.rt7.421.el8_10.tar.xz
 SOURCES/redhatsecureboot302.cer
 SOURCES/redhatsecureboot303.cer
 SOURCES/redhatsecureboot501.cer
diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata
index 3003937..87e2421 100644
--- a/.kernel-rt.metadata
+++ b/.kernel-rt.metadata
@@ -1,6 +1,6 @@
 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
 bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
-fde84097fa14f5c0b198e41d9727ee58899e2b6c SOURCES/linux-4.18.0-553.79.1.rt7.420.el8_10.tar.xz
+635bc4e37d51fa918d1bb63ed429ea170cad2307 SOURCES/linux-4.18.0-553.80.1.rt7.421.el8_10.tar.xz
 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
 e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
 ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 8c4d42d..aa1180f 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.79.1.rt7.420.el8_10
+%define pkgrelease 553.80.1.rt7.421.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.79.1.rt7.420%{?dist}
+%define specrelease 553.80.1.rt7.421%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .420
+%global rtbuild .421
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2720,7 +2720,7 @@ fi
 #
 #
 %changelog
-* Mon Oct 13 2025 Andrei Lukoshko <alukoshko@almalinux.org> - 4.18.0-553.79.1.rt7.420
+* Mon Oct 20 2025 Andrei Lukoshko <alukoshko@almalinux.org> - 4.18.0-553.80.1.rt7.421
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@@ -2731,10 +2731,20 @@ fi
 - kernel/rh_messages.h: enable all disabled pci devices by moving to
   unmaintained
 
-* Mon Oct 13 2025 Eduard Abdullin <eabdullin@almalinux.org> - 4.18.0-553.79.1.rt7.420
+* Mon Oct 20 2025 Eduard Abdullin <eabdullin@almalinux.org> - 4.18.0-553.80.1.rt7.421
 - Use AlmaLinux OS secure boot cert
 - Debrand for AlmaLinux OS
 
+* Thu Oct 09 2025 Alexandra Hájková <ahajkova@redhat.com> [4.18.0-553.80.1.rt7.421.el8_10]
+- block: remove some blk_mq_hw_ctx debugfs entries (Ricardo Robaina) [RHEL-8816]
+- blk-mq: Remove the hctx 'run' debugfs attribute (Ricardo Robaina) [RHEL-8816]
+- block: remove debugfs blk_mq_ctx dispatched/merged/completed attributes (Ricardo Robaina) [RHEL-8816]
+- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (CKI Backport Bot) [RHEL-114840] {CVE-2025-39751}
+- crypto: seqiv - Handle EBUSY correctly (CKI Backport Bot) [RHEL-117228] {CVE-2023-53373}
+- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Jaroslav Kysela) [RHEL-114681] {CVE-2025-38729}
+- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (Jaroslav Kysela) [RHEL-114681]
+- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (Jaroslav Kysela) [RHEL-114681] {CVE-2025-39757}
+
 * Fri Oct 03 2025 Alexandra Hájková <ahajkova@redhat.com> [4.18.0-553.79.1.rt7.420.el8_10]
 - Bluetooth: L2CAP: Fix use-after-free (CKI Backport Bot) [RHEL-116277] {CVE-2023-53305}
 - KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (CKI Backport Bot) [RHEL-109748] {CVE-2022-50228}