diff --git a/kernel.spec b/kernel.spec
index 29b6d15..0c72699 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.8.1.rt7.349.el8_10
+%define pkgrelease 553.9.1.rt7.350.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.8.1.rt7.349%{?dist}
+%define specrelease 553.9.1.rt7.350%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .349
+%global rtbuild .350
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2699,6 +2699,72 @@ fi
 #
 #
 %changelog
+* Sat Jun 22 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.9.1.rt7.350.el8_10]
+- [rt] build kernel-rt-4.18.0-553.9.1.rt7.350.el8_10 [RHEL-44553]
+- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (Steve Best) [RHEL-37262] {CVE-2024-35876}
+- net/sched: flower: Fix chain template offload (Xin Long) [RHEL-31313] {CVE-2024-26669}
+- SUNRPC: fix a memleak in gss_import_v2_context (Scott Mayhew) [RHEL-35195] {CVE-2023-52653}
+- efivarfs: force RO when remounting if SetVariable is not supported (Pavel Reichl) [RHEL-26564] {CVE-2023-52463}
+- dmaengine: idxd: add a write() method for applications to submit work (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823}
+- dmaengine: idxd: add a new security check to deal with a hardware erratum (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823}
+- VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823}
+- quota: Fix potential NULL pointer dereference (Pavel Reichl) [RHEL-33219] {CVE-2024-26878}
+- locking/lockdep: Fix overflow in presentation of average lock-time (Čestmír Kalina) [RHEL-17678]
+- blk-cgroup: Properly propagate the iostat update up the hierarchy (Ming Lei) [RHEL-40939]
+- proc: Use new_inode not new_inode_pseudo (Ian Kent) [RHEL-40167]
+- stmmac: Clear variable when destroying workqueue (Izabela Bakollari) [RHEL-31822] {CVE-2024-26802}
+- powerpc/pseries/memhp: Fix access beyond end of drmem array (Mamatha Inamdar) [RHEL-26495] {CVE-2023-52451}
+- platform/x86: wmi: Fix opening of char device (David Arcari) [RHEL-38258] {CVE-2023-52864}
+- Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (Kamal Heib) [RHEL-36908] {CVE-2023-52658}
+- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Cathy Avery) [RHEL-39074]
+- hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Cathy Avery) [RHEL-39074]
+- hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (Cathy Avery) [RHEL-39074]
+- hv_netvsc: remove duplicated including of slab.h (Cathy Avery) [RHEL-39074]
+- hv_netvsc: rndis_filter needs to select NLS (Cathy Avery) [RHEL-39074]
+- hv_netvsc: Mark VF as slave before exposing it to user-mode (Cathy Avery) [RHEL-39074]
+- hv_netvsc: Fix race of register_netdevice_notifier and VF register (Cathy Avery) [RHEL-39074]
+- hv_netvsc: fix race of netvsc and VF register_netdevice (Cathy Avery) [RHEL-39074]
+- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (Cathy Avery) [RHEL-39074]
+- hv_netvsc: Allocate rx indirection table size dynamically (Cathy Avery) [RHEL-39074]
+- net: hv_netvsc: Fix a warning triggered by memcpy in rndis_filter (Cathy Avery) [RHEL-39074]
+- gfs2: Fix lru_count accounting (Andreas Gruenbacher) [RHEL-32941]
+- gfs2: Fix "Make glock lru list scanning safer" (Andreas Gruenbacher) [RHEL-32941]
+- gfs2: Fix "ignore unlock failures after withdraw" (Andreas Gruenbacher) [RHEL-32941]
+- gfs2: Don't set GLF_LOCK in gfs2_dispose_glock_lru (Andreas Gruenbacher) [RHEL-32941]
+- gfs2: Don't forget to complete delayed withdraw (Andreas Gruenbacher) [RHEL-32941]
+- gfs2: Delay withdraw from atomic context (Andreas Gruenbacher) [RHEL-32941]
+- gfs2: trivial clean up of gfs2_ail_error (Andreas Gruenbacher) [RHEL-32941]
+- ext4: fix corruption during on-line resize (Carlos Maiolino) [RHEL-36974] {CVE-2024-35807}
+- ext4: correct offset of gdb backup in non meta_bg group to update_backups (Carlos Maiolino) [RHEL-36974]
+- ext4: avoid online resizing failures due to oversized flex bg (Carlos Maiolino) [RHEL-30507] {CVE-2023-52622}
+- ext4: use time_is_before_jiffies() instead of open coding it (Carlos Maiolino) [RHEL-30507]
+- ext4: unify the type of flexbg_size to unsigned int (Carlos Maiolino) [RHEL-30507]
+- ext4: remove unnecessary check from alloc_flex_gd() (Carlos Maiolino) [RHEL-30507]
+- tracing: Do no increment trace_clock_global() by one (Jerome Marchand) [RHEL-27107] {CVE-2021-46939}
+- tracing: Restructure trace_clock_global() to never block (Jerome Marchand) [RHEL-27107] {CVE-2021-46939}
+- net/sched: act_skbmod: prevent kernel-infoleak (Xin Long) [RHEL-37220] {CVE-2024-35893}
+- tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (Xin Long) [RHEL-38307] {CVE-2023-52845}
+- redhat: remove the merge subtrees script (Derek Barbosa)
+- redhat: rhdocs: delete .get_maintainer.conf (Derek Barbosa)
+- redhat: rhdocs: Remove the rhdocs directory (Derek Barbosa)
+- dyndbg: fix old BUG_ON in >control parser (Waiman Long) [RHEL-37111] {CVE-2024-35947}
+- dyndbg: let query-modname override actual module name (Waiman Long) [RHEL-37111]
+- dyndbg: make dyndbg a known cli param (Waiman Long) [RHEL-37111]
+- lan78xx: Fix exception on link speed change (Jamie Bainbridge) [RHEL-33437]
+- net: usb: lan78xx: don't modify phy_device state concurrently (Jamie Bainbridge) [RHEL-33437]
+- efi: runtime: Fix potential overflow of soft-reserved region size (Lenny Szubowicz) [RHEL-33096] {CVE-2024-26843}
+- perf/arm-cmn: Fail DTC counter allocation correctly (Michael Petlan) [RHEL-23841]
+- perf/arm-cmn: Rework DTC counters (again) (Michael Petlan) [RHEL-23841]
+- perf/arm-cmn: Fix DTC domain detection (Michael Petlan) [RHEL-23841]
+- perf/arm-cmn: Revamp model detection (Michael Petlan) [RHEL-23841]
+- perf/arm-cmn: Fix port detection for CMN-700 (Michael Petlan) [RHEL-23841]
+- perf/arm-cmn: Move overlapping wp_combine field (Michael Petlan) [RHEL-23841]
+- Partially revert "perf/arm-cmn: Optimise DTC counter accesses" (Michael Petlan) [RHEL-23841]
+- drivers/perf: Compile with gnu99 standard (Michael Petlan) [RHEL-23841]
+- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (Steve Best) [RHEL-36994] {CVE-2024-35801}
+- watchdog: softdog: Add options 'soft_reboot_cmd' and 'soft_active_on_boot' (Waiman Long) [RHEL-19723]
+- tipc: fix UAF in error path (Xin Long) [RHEL-34278] {CVE-2024-36886}
+
 * Fri Jun 14 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.8.1.rt7.349.el8_10]
 - [rt] build kernel-rt-4.18.0-553.8.1.rt7.349.el8_10 [RHEL-40882]
 - udf: Fix NULL pointer dereference in udf_symlink function (Pavel Reichl) [RHEL-37769] {CVE-2021-47353}
@@ -6907,6 +6973,7 @@ fi
 - drm/i915: Don't check for atomic context on PREEMPT_RT (John B. Wyatt IV) [2212309 2213314]
 - drm/i915: Don't disable interrupts on PREEMPT_RT during atomic updates (John B. Wyatt IV) [2212309 2213314]
 - drm/i915: Use preempt_disable/enable_rt() where recommended (John B. Wyatt IV) [2212309 2213314]
+
 * Mon Sep 25 2023 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-515.rt7.304.el8]
 - [rt] build kernel-rt-4.18.0-515.rt7.304.el8 [RHEL-5332]
 - s390/dasd: fix hanging device after quiesce/resume (Tobias Huschle) [RHEL-2838]
@@ -12925,6 +12992,7 @@ fi
 - PCI: vmd: Disable MSI remapping after suspend (Myron Stowe) [2136922]
 - PCI: vmd: Add DID 8086:7D0B and 8086:AD0B for Intel MTL SKUs (Myron Stowe) [2136922]
 - PCI: vmd: Use devm_kasprintf() instead of simple kasprintf() (Myron Stowe) [2136922]
+
 * Tue May 23 2023 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-494.rt7.283.el8]
 - [rt] build kernel-rt-4.18.0-494.rt7.283.el8 [2180997]
 - net/sched: sch_fq: fix integer overflow of "credit" (Davide Caratti) [2187718]
@@ -13807,6 +13875,8 @@ fi
 - hwmon: (coretemp) avoid RDMSR interrupts to isolated CPUs (Marcelo Tosatti) [2158707]
 - scsi: target: iscsi: Handle abort for WRITE_PENDING cmds (Maurizio Lombardi) [2156588]
 - scsi: target: iscsit: Fix TAS handling during conn cleanup (Maurizio Lombardi) [2156588]
+
+* Thu May 04 2023 John B. Wyatt IV <jwyatt@redhat.com> [4.18.0-490.rt7.279.el8]
 - [rt] build kernel-rt-4.18.0-490.rt7.279.el8 [2180997]
 - RDMA/cma: Distinguish between sockaddr_in and sockaddr_in6 by size (Kamal Heib) [2170083]
 - RDMA/umem: Remove unused 'work' member from struct ib_umem (Kamal Heib) [2170083]
diff --git a/sources b/sources
index c63618f..c315958 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (linux-4.18.0-553.8.1.rt7.349.el8_10.tar.xz) = 896faa7711c760dd8f517d72189370b31f8538121980c38a315e323f4d687edfc2e436caa67ad7d828084697617fcc91cdf0bd79138bb6fff3b0ff83f529f50a
+SHA512 (linux-4.18.0-553.9.1.rt7.350.el8_10.tar.xz) = 01eebcc74f431d869bfac6aeecdc87e908e5ae50a17b72152aaf5aa411e600aeb25ef113c1ff950e0e397fa7d2c8a79f058e78ea425372599271e3d0b9e960ab