diff --git a/kernel.spec b/kernel.spec
index 5b7e7e7..68913ce 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.14.1.rt7.355.el8_10
+%define pkgrelease 553.15.1.rt7.356.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.14.1.rt7.355%{?dist}
+%define specrelease 553.15.1.rt7.356%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .355
+%global rtbuild .356
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2699,6 +2699,29 @@ fi
 #
 #
 %changelog
+* Sat Jul 27 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.15.1.rt7.356.el8_10]
+- [rt] build kernel-rt-4.18.0-553.15.1.rt7.356.el8_10 [RHEL-44553]
+- Revert "scsi: st: Add third party poweron reset handling" (John Meneghini) [RHEL-44613]
+- ionic: fix use after netif_napi_del() (CKI Backport Bot) [RHEL-47624] {CVE-2024-39502}
+- ionic: clean interrupt before enabling queue to avoid credit race (CKI Backport Bot) [RHEL-47624] {CVE-2024-39502}
+- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (CKI Backport Bot) [RHEL-49321] {CVE-2021-47624}
+- xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47882] {CVE-2024-40927}
+- net: openvswitch: Fix Use-After-Free in ovs_ct_exit (cki-backport-bot) [RHEL-36362] {CVE-2024-27395}
+- net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (Ivan Vecera) [RHEL-43721] {CVE-2024-36979}
+- net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (Ivan Vecera) [RHEL-43721] {CVE-2024-36979}
+- net: bridge: mst: fix vlan use-after-free (cki-backport-bot) [RHEL-43721] {CVE-2024-36979}
+- irqchip/gic-v3-its: Prevent double free on error (Charles Mirabile) [RHEL-37022] {CVE-2024-35847}
+- irqchip/gic-v3-its: Fix potential VPE leak on error (Charles Mirabile) [RHEL-37744] {CVE-2021-47373}
+- i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (Charles Mirabile) [RHEL-34735] {CVE-2022-48632}
+- iommu/dma: fix zeroing of bounce buffer padding used by untrusted devices (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
+- swiotlb: remove alloc_size argument to swiotlb_tbl_map_single() (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
+- swiotlb: fix swiotlb_bounce() to do partial sync's correctly (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
+- swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
+- swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
+- swiotlb: Fix alignment checks when both allocation and DMA masks are present (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
+- swiotlb: Fix double-allocation of slots due to broken alignment handling (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
+- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (cki-backport-bot) [RHEL-44441] {CVE-2024-31076}
+
 * Thu Jul 25 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.14.1.rt7.355.el8_10]
 - [rt] build kernel-rt-4.18.0-553.14.1.rt7.355.el8_10 [RHEL-44553]
 - s390/qeth: Fix kernel panic after setting hsuid (Mete Durlu) [RHEL-49754]
diff --git a/sources b/sources
index 32acb94..88f059c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (linux-4.18.0-553.14.1.rt7.355.el8_10.tar.xz) = d7d40e6146889ae53727912eaef5ed16d69ea9e039fe0df24a2060e7275dff769bfa9bcdabfcfce498fbd357aea094299bebf1b36f4a4e2fe5639f305dad5b4a
+SHA512 (linux-4.18.0-553.15.1.rt7.356.el8_10.tar.xz) = 75f008d2cf7a338ac50e0f0ecfc84d244f60674c1ee818796013ba5c258e3a8188e42f891e4f45eddb8f7036246d621cfd9747a80c7150aebd5755dba5e3d16d