diff --git a/kernel-rt-x86_64-debug.config b/kernel-rt-x86_64-debug.config
index 55978e4..425abb1 100644
--- a/kernel-rt-x86_64-debug.config
+++ b/kernel-rt-x86_64-debug.config
@@ -2939,7 +2939,7 @@ CONFIG_DRM_I915_GVT_KVMGT=m
 CONFIG_DRM_I915_USERPTR=y
 CONFIG_DRM_LOAD_EDID_FIRMWARE=y
 CONFIG_DRM_MGAG200=m
-CONFIG_DRM_MGAG200_IOBURST_WORKAROUND=y
+CONFIG_DRM_MGAG200_DISABLE_WRITECOMBINE=y
 CONFIG_DRM_NOUVEAU=m
 CONFIG_DRM_NOUVEAU_BACKLIGHT=y
 CONFIG_DRM_QXL=m
diff --git a/kernel-rt-x86_64.config b/kernel-rt-x86_64.config
index 7cabce3..4d064e6 100644
--- a/kernel-rt-x86_64.config
+++ b/kernel-rt-x86_64.config
@@ -2968,7 +2968,7 @@ CONFIG_DRM_I915_GVT_KVMGT=m
 CONFIG_DRM_I915_USERPTR=y
 CONFIG_DRM_LOAD_EDID_FIRMWARE=y
 CONFIG_DRM_MGAG200=m
-CONFIG_DRM_MGAG200_IOBURST_WORKAROUND=y
+CONFIG_DRM_MGAG200_DISABLE_WRITECOMBINE=y
 CONFIG_DRM_NOUVEAU=m
 CONFIG_DRM_NOUVEAU_BACKLIGHT=y
 CONFIG_DRM_QXL=m
diff --git a/kernel.spec b/kernel.spec
index 1ce2933..29b6d15 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.7.1.rt7.348.el8_10
+%define pkgrelease 553.8.1.rt7.349.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.7.1.rt7.348%{?dist}
+%define specrelease 553.8.1.rt7.349%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .348
+%global rtbuild .349
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2699,6 +2699,36 @@ fi
 #
 #
 %changelog
+* Fri Jun 14 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.8.1.rt7.349.el8_10]
+- [rt] build kernel-rt-4.18.0-553.8.1.rt7.349.el8_10 [RHEL-40882]
+- udf: Fix NULL pointer dereference in udf_symlink function (Pavel Reichl) [RHEL-37769] {CVE-2021-47353}
+- net: ti: fix UAF in tlan_remove_one (Jose Ignacio Tornos Martinez) [RHEL-38940] {CVE-2021-47310}
+- ARM: footbridge: fix PCI interrupt mapping (Myron Stowe) [RHEL-26971] {CVE-2021-46909}
+- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (Kamal Heib) [RHEL-37454] {CVE-2024-36004}
+- net/mlx5e: Fix mlx5e_priv_init() cleanup flow (Kamal Heib) [RHEL-37424] {CVE-2024-35959}
+- net/mlx5: Properly link new fs rules into the tree (Kamal Heib) [RHEL-37420] {CVE-2024-35960}
+- net/mlx5e: fix a potential double-free in fs_any_create_groups (Kamal Heib) [RHEL-37091] {CVE-2023-52667}
+- net: ena: Fix incorrect descriptor free behavior (Kamal Heib) [RHEL-37428] {CVE-2024-35958}
+- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (Jose Ignacio Tornos Martinez) [RHEL-37763] {CVE-2021-47356}
+- mISDN: fix possible use-after-free in HFC_cleanup() (Jose Ignacio Tornos Martinez) [RHEL-37763] {CVE-2021-47356}
+- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (Vladis Dronov) [RHEL-35106] {CVE-2024-26974}
+- crypto: qat - implement dh fallback for primes > 4K (Vladis Dronov) [RHEL-35106]
+- crypto: qat - avoid division by zero (Vladis Dronov) [RHEL-35106]
+- crypto: qat - resolve race condition during AER recovery (Vladis Dronov) [RHEL-35106] {CVE-2024-26974}
+- crypto: qat - use kcalloc_node() instead of kzalloc_node() (Vladis Dronov) [RHEL-35106]
+- [rt] Enable CONFIG_DRM_MGAG200_DISABLE_WRITECOMBINE (Jocelyn Falempe) [RHEL-36172]
+- drm/mgag200: Add an option to disable Write-Combine (Jocelyn Falempe) [RHEL-36172]
+- drm/mgag200: Fix caching setup for remapped video memory (Jocelyn Falempe) [RHEL-36172]
+- Revert "drm/mgag200: Add a workaround for low-latency" (Jocelyn Falempe) [RHEL-36172]
+- mptcp: fix data re-injection from stale subflow (Davide Caratti) [RHEL-33133] {CVE-2024-26826}
+- ipv6: sr: fix incorrect unregister order (Hangbin Liu) [RHEL-31730]
+- ipv6: sr: fix possible use-after-free and null-ptr-deref (Hangbin Liu) [RHEL-31730] {CVE-2024-26735}
+- net/bnx2x: Prevent access to a freed page in page_pool (Michal Schmidt) [RHEL-14195 RHEL-33243] {CVE-2024-26859}
+- bnx2x: new flag for track HW resource allocation (Michal Schmidt) [RHEL-14195 RHEL-33243]
+- bnx2x: fix page fault following EEH recovery (Michal Schmidt) [RHEL-14195 RHEL-33243]
+- x86: KVM: SVM: always update the x2avic msr interception (Maxim Levitsky) [RHEL-15495] {CVE-2023-5090}
+- EDAC/thunderx: Fix possible out-of-bounds string access (Aristeu Rozanski) [RHEL-26573] {CVE-2023-52464}
+
 * Fri Jun 07 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.7.1.rt7.348.el8_10]
 - [rt] build kernel-rt-4.18.0-553.7.1.rt7.348.el8_10 [RHEL-34640]
 - net: qcom/emac: fix UAF in emac_remove (Ken Cox) [RHEL-37834] {CVE-2021-47311}
diff --git a/sources b/sources
index c20e28f..c63618f 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (linux-4.18.0-553.7.1.rt7.348.el8_10.tar.xz) = f4e7970ca85a012a77fb5fb7716dda9fa901d3a191842c145b42efbcb4716b7bbce825b4df4bb4a02225f01d1adf24999ac4c0eabde87fd76bcb8ee002b717ee
+SHA512 (linux-4.18.0-553.8.1.rt7.349.el8_10.tar.xz) = 896faa7711c760dd8f517d72189370b31f8538121980c38a315e323f4d687edfc2e436caa67ad7d828084697617fcc91cdf0bd79138bb6fff3b0ff83f529f50a