diff --git a/.gitignore b/.gitignore
index 9de3c94..3d78d0a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-SOURCES/linux-4.18.0-348.20.1.rt7.150.el8_5.tar.xz
+SOURCES/linux-4.18.0-348.23.1.rt7.153.el8_5.tar.xz
 SOURCES/rheldup3.x509
 SOURCES/rhelkpatch1.x509
diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata
index b5bb44f..de783f1 100644
--- a/.kernel-rt.metadata
+++ b/.kernel-rt.metadata
@@ -1,3 +1,3 @@
-28b44dd4604d6b2853d1a947b68c5f4ce03c9cd5 SOURCES/linux-4.18.0-348.20.1.rt7.150.el8_5.tar.xz
+fd00d03fa7df7262c1f2317b418dc59a6d0b6c1e SOURCES/linux-4.18.0-348.23.1.rt7.153.el8_5.tar.xz
 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index ea2e999..f3ff900 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -42,10 +42,10 @@
 # define buildid .local
 
 %define rpmversion 4.18.0
-%define pkgrelease 348.20.1.rt7.150.el8_5
+%define pkgrelease 348.23.1.rt7.153.el8_5
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 348.20.1.rt7.150%{?dist}
+%define specrelease 348.23.1.rt7.153%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -152,7 +152,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .150
+%global rtbuild .153
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2646,6 +2646,26 @@ fi
 #
 #
 %changelog
+* Tue Apr 12 2022 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-348.23.1.rt7.153.el8_5]
+- [rt] build kernel-rt-4.18.0-348.23.1.rt7.153.el8_5 [2067266]
+- gfs2: dequeue iopen holder in gfs2_inode_lookup error (Bob Peterson) [2069750 2061665]
+
+* Tue Apr 05 2022 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-348.22.1.rt7.152.el8_5]
+- [rt] build kernel-rt-4.18.0-348.22.1.rt7.152.el8_5 [2067266]
+- scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (Dick Kennedy) [2058193 2027558]
+- cifs: check all path components in resolved dfs target (Ronnie Sahlberg) [2056329 2030880]
+- RDMA/cma: Do not change route.addr.src_addr.ss_family (Kamal Heib) [2032073 2032074] {CVE-2021-4028}
+
+* Tue Mar 22 2022 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-348.21.1.rt7.151.el8_5]
+- [rt] build kernel-rt-4.18.0-348.21.1.rt7.151.el8_5 [2045589]
+- netfilter: nf_queue: handle socket prefetch (Florian Westphal) [2061446 2009786]
+- netfilter: nf_queue: fix possible use-after-free (Florian Westphal) [2061446 2009786]
+- selftests: netfilter: add nfqueue TCP_NEW_SYN_RECV socket race test (Florian Westphal) [2061446 2009786]
+- netfilter: nf_queue: don't assume sk is full socket (Florian Westphal) [2061446 2009786]
+- netfilter: nf_tables_offload: incorrect flow offload action array size (Florian Westphal) [2056867 2056728] {CVE-2022-25636}
+- netfilter: nftables_offload: KASAN slab-out-of-bounds Read in nft_flow_rule_create (Florian Westphal) [2056867 2056728] {CVE-2022-25636}
+- rt: update the authentication scheme for the bugzilla script (Luis Claudio R. Goncalves)
+
 * Tue Mar 08 2022 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-348.20.1.rt7.150.el8_5]
 - [rt] build kernel-rt-4.18.0-348.20.1.rt7.150.el8_5 [2045589]
 - lib/iov_iter: initialize "flags" in new pipe_buffer (Jan Stancek) [2060879 2060880] {CVE-2022-0847}