diff --git a/kernel.spec b/kernel.spec
index 845f5dad6..0aaeeecd6 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.23.1.el8_10
+%define pkgrelease 553.24.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.23.1%{?dist}
+%define specrelease 553.24.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2696,6 +2696,21 @@ fi
 #
 #
 %changelog
+* Wed Sep 25 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.24.1.el8_10]
+- cifs: do not set WorkstationName in NTLMSSP auth blob (Paulo Alcantara) [RHEL-56729]
+- padata: Fix possible divide-by-0 panic in padata_mt_helper() (Steve Best) [RHEL-56162] {CVE-2024-43889}
+- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (CKI Backport Bot) [RHEL-57000]
+- sctp: Fix null-ptr-deref in reuseport_add_sock(). (Xin Long) [RHEL-56234] {CVE-2024-44935}
+- net/mlx5e: Fix netif state handling (Michal Schmidt) [RHEL-43864] {CVE-2024-38608}
+- net/mlx5e: Add wrapping for auxiliary_driver ops and remove unused args (Michal Schmidt) [RHEL-43864] {CVE-2024-38608}
+- r8169: Fix possible ring buffer corruption on fragmented Tx packets. (cki-backport-bot) [RHEL-44031] {CVE-2024-38586}
+- netfilter: flowtable: initialise extack before use (Florian Westphal) [RHEL-58542] {CVE-2024-45018}
+- memcg: protect concurrent access to mem_cgroup_idr (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
+- memcontrol: ensure memcg acquired by id is properly set up (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
+- mm: memcontrol: fix cannot alloc the maximum memcg ID (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
+- mm/memcg: minor cleanup for MEM_CGROUP_ID_MAX (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
+- ice: Add netif_device_attach/detach into PF reset flow (CKI Backport Bot) [RHEL-23676]
+
 * Thu Sep 19 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.23.1.el8_10]
 - ethtool: check device is present when getting link settings (Jamie Bainbridge) [RHEL-57002]
 - netfilter: nft_set_pipapo: do not free live element (Phil Sutter) [RHEL-34221] {CVE-2024-26924}
diff --git a/sources b/sources
index 1bea89d87..8dda607d5 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-4.18.0-553.23.1.el8_10.tar.xz) = 388d8732d91708ac41284a72a5a4129e043fbef579bdc0011de7f11ea3c87e7cea0aeae3d7e097f907df4caebf9072721a64641644ce487b903af1129fae303e
-SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 1bed5130cf54e7baad1ba769dabccf0e8eac92ae998f311b700ae41ebdb9fd8b8caf8c0f5d21703ceee28d9603dab7c6854f503cf3ed29a76c5af24f2257a829
+SHA512 (linux-4.18.0-553.24.1.el8_10.tar.xz) = 7a780ffe33e9f4e4fd66e5a84514476caef8ba5ebc3c19662d0c5a2ae2758f98da3493b10abe9e17cbff7d59454f8a7f84813d7daf838502fba105ea1f664220
+SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 41bc916b40753433e0c7a87bade37bc43d86e6a59c1d3917622fa56d0bf274a2987d916cf9f3ad6dbe1e854a12c044dab2bf3b033229ee27f5b02997f500ddbb
 SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 8a671ed3c9b7f4b25fd4e594b62bc4a26474cb705d3ed22ca376618b3c7962fc72ace1ffd02c9c3a192d9d2c449d38228809542d7f16ebad16f8127020eb2faf