diff --git a/.gitignore b/.gitignore
index 46318f345..565c6fc31 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,7 @@
 fedoraimaca.x509
-kernel-abi-stablelists-6.12.0-124.40.1.el10_1.tar.xz
-kernel-kabi-dw-6.12.0-124.40.1.el10_1.tar.xz
-linux-6.12.0-124.40.1.el10_1.tar.xz
+kernel-abi-stablelists-6.12.0-124.43.1.el10_1.tar.xz
+kernel-kabi-dw-6.12.0-124.43.1.el10_1.tar.xz
+linux-6.12.0-124.43.1.el10_1.tar.xz
 nvidiagpuoot001.x509
 olima1.x509
 olimaca1.x509
diff --git a/Makefile.rhelver b/Makefile.rhelver
index 1b4d49c32..70c165ff5 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 1
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 124.40.1
+RHEL_RELEASE = 124.43.1
 
 #
 # RHEL_REBASE_NUM
diff --git a/kernel.changelog b/kernel.changelog
index 297383dc1..5997ee26b 100644
--- a/kernel.changelog
+++ b/kernel.changelog
@@ -1,3 +1,58 @@
+* Tue Mar 03 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.43.1.el10_1]
+- HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save (CKI Backport Bot) [RHEL-142253] {CVE-2025-39818}
+- drm/xe: Make dma-fences compliant with the safe access rules (Mika Penttilä) [RHEL-122272] {CVE-2025-38703}
+Resolves: RHEL-122272, RHEL-142253
+
+* Sat Feb 28 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.42.1.el10_1]
+- dpll: zl3073x: Fix ref frequency setting (Ivan Vecera) [RHEL-139828]
+- dpll: Prevent duplicate registrations (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Remove unused dev wrappers (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Cache all output properties in zl3073x_out (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Cache all reference properties in zl3073x_ref (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Cache reference monitor status (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Split ref, out, and synth logic from core (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Store raw register values instead of parsed state (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: fix kernel-doc name and missing parameter in fw.c (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Specify phase adjustment granularity for pins (Ivan Vecera) [RHEL-139828]
+- dpll: add phase-adjust-gran pin attribute (Ivan Vecera) [RHEL-139828]
+- dpll: fix device-id-get and pin-id-get to return errors properly (Ivan Vecera) [RHEL-139828]
+- dpll: spec: add missing module-name and clock-id to pin-get reply (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Allow to configure phase offset averaging factor (Ivan Vecera) [RHEL-139828]
+- dpll: add phase_offset_avg_factor_get/set callback ops (Ivan Vecera) [RHEL-139828]
+- dpll: add phase-offset-avg-factor device attribute to netlink spec (Ivan Vecera) [RHEL-139828]
+- dpll: fix clock quality level reporting (Ivan Vecera) [RHEL-139828]
+- dpll: add reference sync get/set (Ivan Vecera) [RHEL-139828]
+- dpll: add reference-sync netlink attribute (Ivan Vecera) [RHEL-139828]
+- dpll: remove documentation of rclk_dev_name (Ivan Vecera) [RHEL-139828]
+- ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CKI Backport Bot) [RHEL-143548] {CVE-2025-71085}
+- usb: core: config: Prevent OOB read in SS endpoint companion parsing (CKI Backport Bot) [RHEL-137370] {CVE-2025-39760}
+- sched_ext: Fix scx_kick_pseqs corruption on concurrent scheduler loads (Phil Auld) [RHEL-124637]
+- sched_ext: Allocate scx_kick_cpus_pnt_seqs lazily using kvzalloc() (Phil Auld) [RHEL-124637]
+Resolves: RHEL-124637, RHEL-137370, RHEL-139828, RHEL-143548
+
+* Thu Feb 26 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.41.1.el10_1]
+- vfs: check dentry is still valid in get_link() (Ian Kent) [RHEL-134853]
+- efivarfs: fix error propagation in efivar_entry_get() (CKI Backport Bot) [RHEL-150116] {CVE-2026-23156}
+- KVM: x86: Apply runtime updates to current CPUID during KVM_SET_CPUID{,2} (Igor Mammedov) [RHEL-148458]
+- printk: Use console_is_usable on console_unblank (CKI Backport Bot) [RHEL-148303]
+- printk: Avoid irq_work for printk_deferred() on suspend (CKI Backport Bot) [RHEL-148303]
+- printk: Avoid scheduling irq_work on suspend (CKI Backport Bot) [RHEL-148303]
+- printk: Allow printk_trigger_flush() to flush all types (CKI Backport Bot) [RHEL-148303]
+- printk: Check CON_SUSPEND when unblanking a console (CKI Backport Bot) [RHEL-148303]
+- printk: nbcon: Allow reacquire during panic (CKI Backport Bot) [RHEL-148303]
+- migrate: correct lock ordering for hugetlb file folios (Luiz Capitulino) [RHEL-147270] {CVE-2026-23097}
+- io_uring/sqpoll: don't put task_struct on tctx setup failure (Jeff Moyer) [RHEL-137992]
+- io_uring: consistently use rcu semantics with sqpoll thread (Jeff Moyer) [RHEL-137992]
+- io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() (Jeff Moyer) [RHEL-137992] {CVE-2025-38106}
+- io_uring/sqpoll: fix sqpoll error handling races (Jeff Moyer) [RHEL-137992]
+- gpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify() (CKI Backport Bot) [RHEL-145597] {CVE-2025-40249}
+- gpio: cdev: make sure the cdev fd is still active before emitting events (CKI Backport Bot) [RHEL-145597] {CVE-2025-40249}
+- macvlan: fix possible UAF in macvlan_forward_source() (CKI Backport Bot) [RHEL-144128] {CVE-2026-23001}
+- dm: use READ_ONCE in dm_blk_report_zones (Benjamin Marzinski) [RHEL-137953]
+- dm: fix unlocked test for dm_suspended_md (Benjamin Marzinski) [RHEL-137953]
+- dm: fix dm_blk_report_zones (CKI Backport Bot) [RHEL-137953] {CVE-2025-38141}
+Resolves: RHEL-134853, RHEL-137953, RHEL-137992, RHEL-144128, RHEL-145597, RHEL-147270, RHEL-148303, RHEL-148458, RHEL-150116
+
 * Thu Feb 19 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.40.1.el10_1]
 - s390/mm: Fix __ptep_rdp() inline assembly (Mete Durlu) [RHEL-143715]
 - ice: PTP: fix missing timestamps on E825 hardware (CKI Backport Bot) [RHEL-148168]
diff --git a/kernel.spec b/kernel.spec
index e206a4e88..0fcf95036 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -176,15 +176,15 @@ Summary: The Linux kernel
 %define specrpmversion 6.12.0
 %define specversion 6.12.0
 %define patchversion 6.12
-%define pkgrelease 124.40.1
+%define pkgrelease 124.43.1
 %define kversion 6
-%define tarfile_release 6.12.0-124.40.1.el10_1
+%define tarfile_release 6.12.0-124.43.1.el10_1
 # This is needed to do merge window version magic
 %define patchlevel 12
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 124.40.1%{?buildid}%{?dist}
+%define specrelease 124.43.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 6.12.0-124.40.1.el10_1
+%define kabiversion 6.12.0-124.43.1.el10_1
 
 # If this variable is set to 1, a bpf selftests build failure will cause a
 # fatal kernel package build error
@@ -929,19 +929,7 @@ Source13: redhatsecureboot501.cer
 %define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
 %define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer
 
-%if 0%{?centos}
-%define pesign_name_0 centossecureboot201
-%else
-%ifarch x86_64 aarch64
-%define pesign_name_0 redhatsecureboot801
-%endif
-%ifarch s390x
-%define pesign_name_0 redhatsecureboot302
-%endif
-%ifarch ppc64le
-%define pesign_name_0 redhatsecureboot701
-%endif
-%endif
+%define pesign_name_0 almalinuxsecureboot0
 # rhel && !eln
 %endif
 
@@ -4389,14 +4377,14 @@ fi\
 #
 #
 %changelog
-* Wed Mar 04 2026 Eduard Abdullin <eabdullin@almalinux.org> - 6.12.0-124.40.1
+* Wed Mar 11 2026 Eduard Abdullin <eabdullin@almalinux.org> - 6.12.0-124.43.1
 - Debrand for AlmaLinux OS
 - Use AlmaLinux OS secure boot cert
 
-* Wed Mar 04 2026 Neal Gompa <ngompa@almalinux.org> - 6.12.0-124.40.1
+* Wed Mar 11 2026 Neal Gompa <ngompa@almalinux.org> - 6.12.0-124.43.1
 - Enable Btrfs support for all kernel variants
 
-* Wed Mar 04 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 6.12.0-124.40.1
+* Wed Mar 11 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 6.12.0-124.43.1
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@@ -4407,6 +4395,58 @@ fi\
 - kernel/rh_messages.h: enable all disabled pci devices by moving to
   unmaintained
 
+* Tue Mar 03 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.43.1.el10_1]
+- HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save (CKI Backport Bot) [RHEL-142253] {CVE-2025-39818}
+- drm/xe: Make dma-fences compliant with the safe access rules (Mika Penttilä) [RHEL-122272] {CVE-2025-38703}
+
+* Sat Feb 28 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.42.1.el10_1]
+- dpll: zl3073x: Fix ref frequency setting (Ivan Vecera) [RHEL-139828]
+- dpll: Prevent duplicate registrations (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Remove unused dev wrappers (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Cache all output properties in zl3073x_out (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Cache all reference properties in zl3073x_ref (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Cache reference monitor status (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Split ref, out, and synth logic from core (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Store raw register values instead of parsed state (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: fix kernel-doc name and missing parameter in fw.c (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Specify phase adjustment granularity for pins (Ivan Vecera) [RHEL-139828]
+- dpll: add phase-adjust-gran pin attribute (Ivan Vecera) [RHEL-139828]
+- dpll: fix device-id-get and pin-id-get to return errors properly (Ivan Vecera) [RHEL-139828]
+- dpll: spec: add missing module-name and clock-id to pin-get reply (Ivan Vecera) [RHEL-139828]
+- dpll: zl3073x: Allow to configure phase offset averaging factor (Ivan Vecera) [RHEL-139828]
+- dpll: add phase_offset_avg_factor_get/set callback ops (Ivan Vecera) [RHEL-139828]
+- dpll: add phase-offset-avg-factor device attribute to netlink spec (Ivan Vecera) [RHEL-139828]
+- dpll: fix clock quality level reporting (Ivan Vecera) [RHEL-139828]
+- dpll: add reference sync get/set (Ivan Vecera) [RHEL-139828]
+- dpll: add reference-sync netlink attribute (Ivan Vecera) [RHEL-139828]
+- dpll: remove documentation of rclk_dev_name (Ivan Vecera) [RHEL-139828]
+- ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CKI Backport Bot) [RHEL-143548] {CVE-2025-71085}
+- usb: core: config: Prevent OOB read in SS endpoint companion parsing (CKI Backport Bot) [RHEL-137370] {CVE-2025-39760}
+- sched_ext: Fix scx_kick_pseqs corruption on concurrent scheduler loads (Phil Auld) [RHEL-124637]
+- sched_ext: Allocate scx_kick_cpus_pnt_seqs lazily using kvzalloc() (Phil Auld) [RHEL-124637]
+
+* Thu Feb 26 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.41.1.el10_1]
+- vfs: check dentry is still valid in get_link() (Ian Kent) [RHEL-134853]
+- efivarfs: fix error propagation in efivar_entry_get() (CKI Backport Bot) [RHEL-150116] {CVE-2026-23156}
+- KVM: x86: Apply runtime updates to current CPUID during KVM_SET_CPUID{,2} (Igor Mammedov) [RHEL-148458]
+- printk: Use console_is_usable on console_unblank (CKI Backport Bot) [RHEL-148303]
+- printk: Avoid irq_work for printk_deferred() on suspend (CKI Backport Bot) [RHEL-148303]
+- printk: Avoid scheduling irq_work on suspend (CKI Backport Bot) [RHEL-148303]
+- printk: Allow printk_trigger_flush() to flush all types (CKI Backport Bot) [RHEL-148303]
+- printk: Check CON_SUSPEND when unblanking a console (CKI Backport Bot) [RHEL-148303]
+- printk: nbcon: Allow reacquire during panic (CKI Backport Bot) [RHEL-148303]
+- migrate: correct lock ordering for hugetlb file folios (Luiz Capitulino) [RHEL-147270] {CVE-2026-23097}
+- io_uring/sqpoll: don't put task_struct on tctx setup failure (Jeff Moyer) [RHEL-137992]
+- io_uring: consistently use rcu semantics with sqpoll thread (Jeff Moyer) [RHEL-137992]
+- io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() (Jeff Moyer) [RHEL-137992] {CVE-2025-38106}
+- io_uring/sqpoll: fix sqpoll error handling races (Jeff Moyer) [RHEL-137992]
+- gpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify() (CKI Backport Bot) [RHEL-145597] {CVE-2025-40249}
+- gpio: cdev: make sure the cdev fd is still active before emitting events (CKI Backport Bot) [RHEL-145597] {CVE-2025-40249}
+- macvlan: fix possible UAF in macvlan_forward_source() (CKI Backport Bot) [RHEL-144128] {CVE-2026-23001}
+- dm: use READ_ONCE in dm_blk_report_zones (Benjamin Marzinski) [RHEL-137953]
+- dm: fix unlocked test for dm_suspended_md (Benjamin Marzinski) [RHEL-137953]
+- dm: fix dm_blk_report_zones (CKI Backport Bot) [RHEL-137953] {CVE-2025-38141}
+
 * Thu Feb 19 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.40.1.el10_1]
 - s390/mm: Fix __ptep_rdp() inline assembly (Mete Durlu) [RHEL-143715]
 - ice: PTP: fix missing timestamps on E825 hardware (CKI Backport Bot) [RHEL-148168]
diff --git a/sources b/sources
index ce331786e..d5db913c9 100644
--- a/sources
+++ b/sources
@@ -1,7 +1,7 @@
 SHA512 (fedoraimaca.x509) = e04809394f4472c17e86d7024dee34f03fb68e82a85502fd5b00535202c72e57626a8376b2cf991b7e1e46404aa5ab8d189ebf320e0dd37d49e7efbc925c7a2e
-SHA512 (kernel-abi-stablelists-6.12.0-124.40.1.el10_1.tar.xz) = d38ae1f4fbc65de04993b390fc30e3d0886c3056cb12e7f473b532d51e71864c7a7dc93cae0acbde3947b91462773341146006ac9f2a68b933182fb69d75e9bf
-SHA512 (kernel-kabi-dw-6.12.0-124.40.1.el10_1.tar.xz) = 44327a65368b4173457684126017f988dc09af51b8d558d1c9a98f9a9300bfe3f7c4be9985d6e9eb1f21a6b49e3b2f328a206df7671925fa00ccbccd7546ec5e
-SHA512 (linux-6.12.0-124.40.1.el10_1.tar.xz) = 49193e3cb7c7a7f39f4e7bc986da6cee4f0e3c47d1f195e8e121bf76556b9490006cdfa8ef8bf732c5142ea3b96043007d101359c3b70d083e621c5477714631
+SHA512 (kernel-abi-stablelists-6.12.0-124.43.1.el10_1.tar.xz) = 45d7bb44b76bf664ccb5c3f92a0f1ff27f8b3cd87dc7115cec1c7c151ecc6e5b09afc1394688ec6b9ec3e748d0b22da7e47beee254270ff4f321da4db98f4ac5
+SHA512 (kernel-kabi-dw-6.12.0-124.43.1.el10_1.tar.xz) = 363fa86a8b4843aeda79e2b7e2cf2c25d5b1799b55aa36f320cfe165abddc58b1bab7cbe98d4335c86d6e3dc4dfe90fb8a34e54e1d402868012cf9acb0c4dbf1
+SHA512 (linux-6.12.0-124.43.1.el10_1.tar.xz) = 0b0bd034f7993b71507571574a46cc5555f03db44bf33e61ad3ec46b989e7d8be259704cbb40f715b499b76e039fa6e1aa9bdd7265bf7e8b851f9939501ebc84
 SHA512 (nvidiagpuoot001.x509) = b42f836e1cfa07890cb6ca13de9c3950e306c9ec7686c4c09f050bb68869f5d82962b2cd5f3aa0eb7a0f3a3ae54e9c480eafbac5df53aa92c295ff511a8c59fe
 SHA512 (olima1.x509) = 123c26c1d698cc8523845c6e1103b9c72abf855acd225d37baf1f3388a47f912166d6d786fb367fe46de39e011b586ad7f3963aa2e8923da30a6ea9ae0d76ad3
 SHA512 (olimaca1.x509) = 3a779415fad29d6f7250ec97ab1f0a5eb62c351b724feee06b22e17f065bf74a558f32cc524d3222c4485635ae5b9cd5287855c94010fe743b51a4d954340c4c