diff --git a/.gitignore b/.gitignore
index 2dc6a4142..02e7b4b28 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
-SOURCES/kernel-abi-stablelists-5.14.0-503.29.1.el9_5.tar.bz2
-SOURCES/kernel-kabi-dw-5.14.0-503.29.1.el9_5.tar.bz2
-SOURCES/linux-5.14.0-503.29.1.el9_5.tar.xz
+SOURCES/kernel-abi-stablelists-5.14.0-503.31.1.el9_5.tar.bz2
+SOURCES/kernel-kabi-dw-5.14.0-503.31.1.el9_5.tar.bz2
+SOURCES/linux-5.14.0-503.31.1.el9_5.tar.xz
 SOURCES/nvidiagpuoot001.x509
 SOURCES/olima1.x509
 SOURCES/olimaca1.x509
diff --git a/.kernel.metadata b/.kernel.metadata
index 4ce0b25f8..e93e90226 100644
--- a/.kernel.metadata
+++ b/.kernel.metadata
@@ -1,6 +1,6 @@
-fdf5b4c85eff46c048ffe782328624dc87b5d67b SOURCES/kernel-abi-stablelists-5.14.0-503.29.1.el9_5.tar.bz2
-d5169e44060e7b6d3baf2e51d9d405739aa76c00 SOURCES/kernel-kabi-dw-5.14.0-503.29.1.el9_5.tar.bz2
-088b74fcb1ba5c4e388835abb7051abeeaa76732 SOURCES/linux-5.14.0-503.29.1.el9_5.tar.xz
+159063579abf2321b64595b27febedf7b15f2706 SOURCES/kernel-abi-stablelists-5.14.0-503.31.1.el9_5.tar.bz2
+caf2cece65078d76bde6f24a66106d55120b1ed5 SOURCES/kernel-kabi-dw-5.14.0-503.31.1.el9_5.tar.bz2
+8503b78361f388fdc9615ba84c447c402efe4c23 SOURCES/linux-5.14.0-503.31.1.el9_5.tar.xz
 4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509
 706ae01dd14efa38f0f565a3706acac19c78df02 SOURCES/olima1.x509
 6e3f0d61414c0b50f48dc2d4c3b3cd024e1c3a43 SOURCES/olimaca1.x509
diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver
index a89c2c062..f7bfc93b0 100644
--- a/SOURCES/Makefile.rhelver
+++ b/SOURCES/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 5
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 503.29.1
+RHEL_RELEASE = 503.31.1
 
 #
 # ZSTREAM
diff --git a/SOURCES/kernel.changelog b/SOURCES/kernel.changelog
index e8f21bf8d..8a961d2bf 100644
--- a/SOURCES/kernel.changelog
+++ b/SOURCES/kernel.changelog
@@ -1,3 +1,51 @@
+* Thu Mar 06 2025 Chao YE <cye@redhat.com> [5.14.0-503.31.1.el9_5]
+- HID: core: zero-initialize the report buffer (Benjamin Tissoires) [RHEL-81838] {CVE-2024-50302}
+- x86/kaslr: Expose and use the end of the physical memory address space (Waiman Long) [RHEL-70002]
+- ALSA: usb-audio: Fix a DMA to stack memory bug (Jaroslav Kysela) [RHEL-81799]
+- ALSA: usb-audio: Fix for sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81799]
+- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Jaroslav Kysela) [RHEL-81799] {CVE-2024-53197}
+- ALSA: usb-audio: Add sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81799]
+- x86/kexec: Add EFI config table identity mapping for kexec kernel (Jay Shin) [RHEL-74170]
+- mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (Jay Shin) [RHEL-73210] {CVE-2024-53113}
+- can: bcm: Fix UAF in bcm_proc_show() (CKI KWF BOT) [RHEL-80746] {CVE-2023-52922}
+- smb: client: fix chmod(2) regression with ATTR_READONLY (Jay Shin) [RHEL-80526]
+- hugetlb: prioritize surplus allocation from current node (Aristeu Rozanski) [RHEL-77488]
+- dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). (Antoine Tenart) [RHEL-77338]
+- net: add softirq safety to netdev_rename_lock (Antoine Tenart) [RHEL-77343]
+- arp: Convert ioctl(SIOCGARP) to RCU. (Antoine Tenart) [RHEL-77343]
+- net: Protect dev->name by seqlock. (Antoine Tenart) [RHEL-77343]
+- net: Remove unused declaration dev_restart() (Antoine Tenart) [RHEL-77343]
+- arp: Get dev after calling arp_req_(delete|set|get)(). (Antoine Tenart) [RHEL-77343]
+- arp: Remove a nest in arp_req_get(). (Antoine Tenart) [RHEL-77343]
+- arp: Factorise ip_route_output() call in arp_req_set() and arp_req_delete(). (Antoine Tenart) [RHEL-77343]
+- arp: Validate netmask earlier for SIOCDARP and SIOCSARP in arp_ioctl(). (Antoine Tenart) [RHEL-77343]
+- arp: Move ATF_COM setting in arp_req_set(). (Antoine Tenart) [RHEL-77343]
+- ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-75250] {CVE-2023-52605}
+- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-75461] {CVE-2024-50264}
+- x86/pci: Skip early E820 check for ECAM region (CKI Backport Bot) [RHEL-67065]
+- cpufreq: intel_pstate: Update Balance performance EPP for Emerald Rapids (Steve Best) [RHEL-64291]
+Resolves: RHEL-64291, RHEL-67065, RHEL-70002, RHEL-73210, RHEL-74170, RHEL-75250, RHEL-75461, RHEL-77338, RHEL-77343, RHEL-77488, RHEL-80526, RHEL-80746, RHEL-81799, RHEL-81838
+
+* Sun Mar 02 2025 Patrick Talbert <ptalbert@redhat.com> [5.14.0-503.30.1.el9_5]
+- can: bcm: Fix UAF in bcm_proc_show() (CKI KWF BOT) [RHEL-80746] {CVE-2023-52922}
+- smb: client: fix chmod(2) regression with ATTR_READONLY (Jay Shin) [RHEL-80526]
+- hugetlb: prioritize surplus allocation from current node (Aristeu Rozanski) [RHEL-77488]
+- dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). (Antoine Tenart) [RHEL-77338]
+- net: add softirq safety to netdev_rename_lock (Antoine Tenart) [RHEL-77343]
+- arp: Convert ioctl(SIOCGARP) to RCU. (Antoine Tenart) [RHEL-77343]
+- net: Protect dev->name by seqlock. (Antoine Tenart) [RHEL-77343]
+- net: Remove unused declaration dev_restart() (Antoine Tenart) [RHEL-77343]
+- arp: Get dev after calling arp_req_(delete|set|get)(). (Antoine Tenart) [RHEL-77343]
+- arp: Remove a nest in arp_req_get(). (Antoine Tenart) [RHEL-77343]
+- arp: Factorise ip_route_output() call in arp_req_set() and arp_req_delete(). (Antoine Tenart) [RHEL-77343]
+- arp: Validate netmask earlier for SIOCDARP and SIOCSARP in arp_ioctl(). (Antoine Tenart) [RHEL-77343]
+- arp: Move ATF_COM setting in arp_req_set(). (Antoine Tenart) [RHEL-77343]
+- ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-75250] {CVE-2023-52605}
+- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-75461] {CVE-2024-50264}
+- x86/pci: Skip early E820 check for ECAM region (CKI Backport Bot) [RHEL-67065]
+- cpufreq: intel_pstate: Update Balance performance EPP for Emerald Rapids (Steve Best) [RHEL-64291]
+Resolves: RHEL-64291, RHEL-67065, RHEL-75250, RHEL-75461, RHEL-77338, RHEL-77343, RHEL-77488, RHEL-80526, RHEL-80746
+
 * Tue Feb 25 2025 Chao YE <cye@redhat.com> [5.14.0-503.29.1.el9_5]
 - rhel-9.5: gate on kernel-qe tests results not cki ones (Bruno Goncalves)
 - ice: implement low latency PHY timer updates (Petr Oros) [RHEL-75466]
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 281938f7c..bb74442a1 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 503.29.1
+%define pkgrelease 503.31.1
 %define kversion 5
-%define tarfile_release 5.14.0-503.29.1.el9_5
+%define tarfile_release 5.14.0-503.31.1.el9_5
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 503.29.1%{?buildid}%{?dist}
+%define specrelease 503.31.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-503.29.1.el9_5
+%define kabiversion 5.14.0-503.31.1.el9_5
 
 #
 # End of genspec.sh variables
@@ -3795,7 +3795,7 @@ fi
 #
 #
 %changelog
-* Fri Mar 07 2025 Andrei Lukoshko <alukoshko@almalinux.org> - 5.14.0-503.29.1
+* Thu Mar 13 2025 Andrei Lukoshko <alukoshko@almalinux.org> - 5.14.0-503.31.1
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@@ -3806,10 +3806,56 @@ fi
 - kernel/rh_messages.h: enable all disabled pci devices by moving to
   unmaintained
 
-* Fri Mar 07 2025 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-503.29.1
+* Thu Mar 13 2025 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-503.31.1
 - Use AlmaLinux OS secure boot cert
 - Debrand for AlmaLinux OS
 
+* Thu Mar 06 2025 Chao YE <cye@redhat.com> [5.14.0-503.31.1.el9_5]
+- HID: core: zero-initialize the report buffer (Benjamin Tissoires) [RHEL-81838] {CVE-2024-50302}
+- x86/kaslr: Expose and use the end of the physical memory address space (Waiman Long) [RHEL-70002]
+- ALSA: usb-audio: Fix a DMA to stack memory bug (Jaroslav Kysela) [RHEL-81799]
+- ALSA: usb-audio: Fix for sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81799]
+- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Jaroslav Kysela) [RHEL-81799] {CVE-2024-53197}
+- ALSA: usb-audio: Add sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81799]
+- x86/kexec: Add EFI config table identity mapping for kexec kernel (Jay Shin) [RHEL-74170]
+- mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (Jay Shin) [RHEL-73210] {CVE-2024-53113}
+- can: bcm: Fix UAF in bcm_proc_show() (CKI KWF BOT) [RHEL-80746] {CVE-2023-52922}
+- smb: client: fix chmod(2) regression with ATTR_READONLY (Jay Shin) [RHEL-80526]
+- hugetlb: prioritize surplus allocation from current node (Aristeu Rozanski) [RHEL-77488]
+- dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). (Antoine Tenart) [RHEL-77338]
+- net: add softirq safety to netdev_rename_lock (Antoine Tenart) [RHEL-77343]
+- arp: Convert ioctl(SIOCGARP) to RCU. (Antoine Tenart) [RHEL-77343]
+- net: Protect dev->name by seqlock. (Antoine Tenart) [RHEL-77343]
+- net: Remove unused declaration dev_restart() (Antoine Tenart) [RHEL-77343]
+- arp: Get dev after calling arp_req_(delete|set|get)(). (Antoine Tenart) [RHEL-77343]
+- arp: Remove a nest in arp_req_get(). (Antoine Tenart) [RHEL-77343]
+- arp: Factorise ip_route_output() call in arp_req_set() and arp_req_delete(). (Antoine Tenart) [RHEL-77343]
+- arp: Validate netmask earlier for SIOCDARP and SIOCSARP in arp_ioctl(). (Antoine Tenart) [RHEL-77343]
+- arp: Move ATF_COM setting in arp_req_set(). (Antoine Tenart) [RHEL-77343]
+- ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-75250] {CVE-2023-52605}
+- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-75461] {CVE-2024-50264}
+- x86/pci: Skip early E820 check for ECAM region (CKI Backport Bot) [RHEL-67065]
+- cpufreq: intel_pstate: Update Balance performance EPP for Emerald Rapids (Steve Best) [RHEL-64291]
+
+* Sun Mar 02 2025 Patrick Talbert <ptalbert@redhat.com> [5.14.0-503.30.1.el9_5]
+- can: bcm: Fix UAF in bcm_proc_show() (CKI KWF BOT) [RHEL-80746] {CVE-2023-52922}
+- smb: client: fix chmod(2) regression with ATTR_READONLY (Jay Shin) [RHEL-80526]
+- hugetlb: prioritize surplus allocation from current node (Aristeu Rozanski) [RHEL-77488]
+- dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). (Antoine Tenart) [RHEL-77338]
+- net: add softirq safety to netdev_rename_lock (Antoine Tenart) [RHEL-77343]
+- arp: Convert ioctl(SIOCGARP) to RCU. (Antoine Tenart) [RHEL-77343]
+- net: Protect dev->name by seqlock. (Antoine Tenart) [RHEL-77343]
+- net: Remove unused declaration dev_restart() (Antoine Tenart) [RHEL-77343]
+- arp: Get dev after calling arp_req_(delete|set|get)(). (Antoine Tenart) [RHEL-77343]
+- arp: Remove a nest in arp_req_get(). (Antoine Tenart) [RHEL-77343]
+- arp: Factorise ip_route_output() call in arp_req_set() and arp_req_delete(). (Antoine Tenart) [RHEL-77343]
+- arp: Validate netmask earlier for SIOCDARP and SIOCSARP in arp_ioctl(). (Antoine Tenart) [RHEL-77343]
+- arp: Move ATF_COM setting in arp_req_set(). (Antoine Tenart) [RHEL-77343]
+- ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-75250] {CVE-2023-52605}
+- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-75461] {CVE-2024-50264}
+- x86/pci: Skip early E820 check for ECAM region (CKI Backport Bot) [RHEL-67065]
+- cpufreq: intel_pstate: Update Balance performance EPP for Emerald Rapids (Steve Best) [RHEL-64291]
+
 * Tue Feb 25 2025 Chao YE <cye@redhat.com> [5.14.0-503.29.1.el9_5]
 - rhel-9.5: gate on kernel-qe tests results not cki ones (Bruno Goncalves)
 - ice: implement low latency PHY timer updates (Petr Oros) [RHEL-75466]