diff --git a/.gitignore b/.gitignore
index 8afd5f7..7b69193 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 SOURCES/centossecureboot201.cer
 SOURCES/centossecurebootca2.cer
-SOURCES/linux-4.18.0-553.124.1.rt7.465.el8_10.tar.xz
+SOURCES/linux-4.18.0-553.125.1.rt7.466.el8_10.tar.xz
 SOURCES/redhatsecureboot302.cer
 SOURCES/redhatsecureboot303.cer
 SOURCES/redhatsecureboot501.cer
diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata
index 46309f2..1a9516d 100644
--- a/.kernel-rt.metadata
+++ b/.kernel-rt.metadata
@@ -1,6 +1,6 @@
 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
 bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
-1f610f783a6d9b89bad6c9f7850e3df74f3ffdd0 SOURCES/linux-4.18.0-553.124.1.rt7.465.el8_10.tar.xz
+5ee78d36fb9d8d8a945084038fbc69d5eb5ad28f SOURCES/linux-4.18.0-553.125.1.rt7.466.el8_10.tar.xz
 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
 e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
 ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
diff --git a/SOURCES/1100-ptrace-require-cap-on-mm-less-task.patch b/SOURCES/1100-ptrace-require-cap-on-mm-less-task.patch
deleted file mode 100644
index f9c5934..0000000
--- a/SOURCES/1100-ptrace-require-cap-on-mm-less-task.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From: Andrew Lukoshko <alukoshko@almalinux.org>
-Subject: [PATCH AlmaLinux 8 RT] ptrace: require CAP_SYS_PTRACE when task has no mm
-
-kABI-safe AlmaLinux backport of upstream commit 31e62c2ebbfd
-("ptrace: slightly saner 'get_dumpable()' logic") posted at
-https://github.com/torvalds/linux/commit/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
-
-The upstream fix adds a 'user_dumpable:1' bit to task_struct and
-caches the last dumpability in exit_mm() so __ptrace_may_access()
-can require CAP_SYS_PTRACE when the target has no mm (e.g. kernel
-threads or already-exited user tasks). That layout change to
-task_struct breaks kABI on RHEL/AlmaLinux 8 (the symtype signature
-of struct task_struct is referenced by stablelist exports such as
-__put_task_struct(), sched_setscheduler(), set_cpus_allowed_ptr()
-and wake_up_process()), so we cannot import the field/exit_mm
-hunks as-is. AlmaLinux 8's exit_mm() also predates the upstream
-rewrite that the second hunk targets.
-
-Take the minimal kABI-safe slice instead: when task->mm == NULL,
-require CAP_SYS_PTRACE in init_user_ns unconditionally. This closes
-the Qualys Security Advisory hole -- mm-less targets no longer pass
-the dumpability check by default -- without touching task_struct or
-exit.c. The only behavioural delta versus upstream is that a user
-task that has already cleared its mm in exit_mm() (a dying/zombie
-task) now also requires CAP_SYS_PTRACE to attach, instead of being
-remembered as previously dumpable. Such targets are rarely ptraced
-in practice.
-
-Verified to apply with `patch -p1 -F0` (no offset, no fuzz, no rejects)
-against kernel-rt-4.18.0-553.124.1.rt7.465.el8_10.
-
-Reported-by: Qualys Security Advisory <qsa@qualys.com>
-Signed-off-by: Andrew Lukoshko <alukoshko@almalinux.org>
----
- kernel/ptrace.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
---- a/kernel/ptrace.c
-+++ b/kernel/ptrace.c
-@@ -375,8 +375,11 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
- 	smp_rmb();
- 	mm = task->mm;
--	if (mm &&
--	    ((get_dumpable(mm) != SUID_DUMP_USER) &&
--	     !ptrace_has_cap(mm->user_ns, mode)))
--	    return -EPERM;
-+	if (mm) {
-+		if ((get_dumpable(mm) != SUID_DUMP_USER) &&
-+		    !ptrace_has_cap(mm->user_ns, mode))
-+			return -EPERM;
-+	} else if (!ptrace_has_cap(&init_user_ns, mode)) {
-+		return -EPERM;
-+	}
- 
- 	return security_ptrace_access_check(task, mode);
---
-2.43.0
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 8be0791..8f631c5 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -38,11 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.124.2.rt7.465.el8_10
-%define tarfile_release 553.124.1.rt7.465.el8_10
+%define pkgrelease 553.125.1.rt7.466.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.124.2.rt7.465%{?dist}
+%define specrelease 553.125.1.rt7.466%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -149,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .465
+%global rtbuild .466
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -436,7 +435,7 @@ BuildRequires: xmlto
 BuildRequires: asciidoc
 %endif
 
-Source0: linux-%{specversion}-%{tarfile_release}.tar.xz
+Source0: linux-%{specversion}-%{pkgrelease}.tar.xz
 
 Source9: x509.genkey
 
@@ -536,7 +535,6 @@ Patch2005: 0005-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch
 Patch2006: 0006-Bring-back-deprecated-pci-ids-to-lpfc-driver.patch
 Patch2007: 0007-Bring-back-deprecated-pci-ids-to-qla4xxx-driver.patch
 Patch2008: 0008-Bring-back-deprecated-pci-ids-to-be2iscsi-driver.patch
-Patch1100: 1100-ptrace-require-cap-on-mm-less-task.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -1094,8 +1092,8 @@ ApplyOptionalPatch()
   fi
 }
 
-%setup -q -n %{name}-%{specversion}-%{tarfile_release} -c
-mv linux-%{specversion}-%{tarfile_release} linux-%{KVERREL}
+%setup -q -n %{name}-%{specversion}-%{pkgrelease} -c
+mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
 
 cd linux-%{KVERREL}
 
@@ -1110,7 +1108,6 @@ ApplyPatch 0005-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch
 ApplyPatch 0006-Bring-back-deprecated-pci-ids-to-lpfc-driver.patch
 ApplyPatch 0007-Bring-back-deprecated-pci-ids-to-qla4xxx-driver.patch
 ApplyPatch 0008-Bring-back-deprecated-pci-ids-to-be2iscsi-driver.patch
-ApplyPatch 1100-ptrace-require-cap-on-mm-less-task.patch
 
 # END OF PATCH APPLICATIONS
 
@@ -2714,11 +2711,7 @@ fi
 #
 #
 %changelog
-* Fri May 15 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 4.18.0-553.124.2.rt7.465
-- ptrace: require CAP_SYS_PTRACE when task has no mm (kABI-safe backport
-  of upstream 31e62c2ebbfd, Qualys Security Advisory)
-
-* Tue May 12 2026 Andrei Lukoshko <alukoshko@almalinux.org> - 4.18.0-553.124.1.rt7.465
+* Wed May 20 2026 Andrei Lukoshko <alukoshko@almalinux.org> - 4.18.0-553.125.1.rt7.466
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@@ -2729,10 +2722,15 @@ fi
 - kernel/rh_messages.h: enable all disabled pci devices by moving to
   unmaintained
 
-* Tue May 12 2026 Eduard Abdullin <eabdullin@almalinux.org> - 4.18.0-553.124.1.rt7.465
+* Wed May 20 2026 Eduard Abdullin <eabdullin@almalinux.org> - 4.18.0-553.125.1.rt7.466
 - Use AlmaLinux OS secure boot cert
 - Debrand for AlmaLinux OS
 
+* Mon May 18 2026 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.125.1.rt7.466.el8_10]
+- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Sabrina Dubroca) [RHEL-176090] {CVE-2026-46300}
+- net: skbuff: preserve shared-frag marker during coalescing (Sabrina Dubroca) [RHEL-176090] {CVE-2026-46300}
+- ptrace: slightly saner 'get_dumpable()' logic (Rafael Aquini) [RHEL-176445] {CVE-2026-46333}
+
 * Mon May 11 2026 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.124.1.rt7.465.el8_10]
 - xfrm: esp: avoid in-place decrypt on shared skb frags (Sabrina Dubroca) [RHEL-174586] {CVE-2026-43284}