diff --git a/Makefile.rhelver b/Makefile.rhelver
index 104da07cd..fa30df117 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 2
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 150
+RHEL_RELEASE = 151
 
 #
 # RHEL_REBASE_NUM
diff --git a/kernel-aarch64-64k-debug-rhel.config b/kernel-aarch64-64k-debug-rhel.config
index 3589a3326..9aa51d047 100644
--- a/kernel-aarch64-64k-debug-rhel.config
+++ b/kernel-aarch64-64k-debug-rhel.config
@@ -2848,6 +2848,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-aarch64-64k-rhel.config b/kernel-aarch64-64k-rhel.config
index 03b88bf66..413d14853 100644
--- a/kernel-aarch64-64k-rhel.config
+++ b/kernel-aarch64-64k-rhel.config
@@ -2832,6 +2832,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config
index 670eaaf62..328b7e9fd 100644
--- a/kernel-aarch64-debug-rhel.config
+++ b/kernel-aarch64-debug-rhel.config
@@ -2845,6 +2845,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config
index 172e44bc4..3667d0471 100644
--- a/kernel-aarch64-rhel.config
+++ b/kernel-aarch64-rhel.config
@@ -2829,6 +2829,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-aarch64-rt-64k-debug-rhel.config b/kernel-aarch64-rt-64k-debug-rhel.config
index c45783fed..04c72e815 100644
--- a/kernel-aarch64-rt-64k-debug-rhel.config
+++ b/kernel-aarch64-rt-64k-debug-rhel.config
@@ -2889,6 +2889,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-aarch64-rt-64k-rhel.config b/kernel-aarch64-rt-64k-rhel.config
index 2dc77a9eb..0e269bc16 100644
--- a/kernel-aarch64-rt-64k-rhel.config
+++ b/kernel-aarch64-rt-64k-rhel.config
@@ -2873,6 +2873,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-aarch64-rt-debug-rhel.config b/kernel-aarch64-rt-debug-rhel.config
index 252f0d358..9b0112e18 100644
--- a/kernel-aarch64-rt-debug-rhel.config
+++ b/kernel-aarch64-rt-debug-rhel.config
@@ -2886,6 +2886,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-aarch64-rt-rhel.config b/kernel-aarch64-rt-rhel.config
index 1bb57cab7..b1dc40c21 100644
--- a/kernel-aarch64-rt-rhel.config
+++ b/kernel-aarch64-rt-rhel.config
@@ -2870,6 +2870,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-ppc64le-debug-rhel.config b/kernel-ppc64le-debug-rhel.config
index 3d744026a..0619a3020 100644
--- a/kernel-ppc64le-debug-rhel.config
+++ b/kernel-ppc64le-debug-rhel.config
@@ -2527,6 +2527,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-ppc64le-rhel.config b/kernel-ppc64le-rhel.config
index d49ebb51b..56bd99e41 100644
--- a/kernel-ppc64le-rhel.config
+++ b/kernel-ppc64le-rhel.config
@@ -2511,6 +2511,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-riscv64-debug-rhel.config b/kernel-riscv64-debug-rhel.config
index 819f897e6..08a559afc 100644
--- a/kernel-riscv64-debug-rhel.config
+++ b/kernel-riscv64-debug-rhel.config
@@ -2506,6 +2506,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-riscv64-rhel.config b/kernel-riscv64-rhel.config
index 24ec06feb..d6a9f4007 100644
--- a/kernel-riscv64-rhel.config
+++ b/kernel-riscv64-rhel.config
@@ -2490,6 +2490,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-s390x-debug-rhel.config b/kernel-s390x-debug-rhel.config
index d3e10d98e..473b8c4d5 100644
--- a/kernel-s390x-debug-rhel.config
+++ b/kernel-s390x-debug-rhel.config
@@ -2514,6 +2514,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-s390x-rhel.config b/kernel-s390x-rhel.config
index 19a14c530..fdf6163f0 100644
--- a/kernel-s390x-rhel.config
+++ b/kernel-s390x-rhel.config
@@ -2498,6 +2498,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-s390x-zfcpdump-rhel.config b/kernel-s390x-zfcpdump-rhel.config
index e7479adbb..197d2520d 100644
--- a/kernel-s390x-zfcpdump-rhel.config
+++ b/kernel-s390x-zfcpdump-rhel.config
@@ -2504,6 +2504,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config
index 756afe7fd..ff05322dc 100644
--- a/kernel-x86_64-debug-rhel.config
+++ b/kernel-x86_64-debug-rhel.config
@@ -2710,6 +2710,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config
index 82ec1433b..76ef11aab 100644
--- a/kernel-x86_64-rhel.config
+++ b/kernel-x86_64-rhel.config
@@ -2694,6 +2694,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-x86_64-rt-debug-rhel.config b/kernel-x86_64-rt-debug-rhel.config
index 9f1d6de84..529d36c34 100644
--- a/kernel-x86_64-rt-debug-rhel.config
+++ b/kernel-x86_64-rt-debug-rhel.config
@@ -2751,6 +2751,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-x86_64-rt-rhel.config b/kernel-x86_64-rt-rhel.config
index 39a6e9af4..6bd56dca1 100644
--- a/kernel-x86_64-rt-rhel.config
+++ b/kernel-x86_64-rt-rhel.config
@@ -2735,6 +2735,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DISABLE_HTABLE is not set
+CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 # CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel.changelog b/kernel.changelog
index 7bc57a00e..01d180021 100644
--- a/kernel.changelog
+++ b/kernel.changelog
@@ -1,3 +1,97 @@
+* Mon Nov 03 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-151.el10]
+- redhat/configs: set CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB default value (Baoquan He) [RHEL-114162]
+- kexec_file: use SHA-256 library API instead of crypto_shash API (Baoquan He) [RHEL-114162]
+- crash: fix spelling mistake "crahskernel" -> "crashkernel" (Baoquan He) [RHEL-114162]
+- ima: make the kexec extra memory configurable (Baoquan He) [RHEL-114162]
+- ima: verify if the segment size has changed (Baoquan He) [RHEL-114162]
+- ima: kexec: move IMA log copy from kexec load to execute (Baoquan He) [RHEL-114162]
+- ima: kexec: define functions to copy IMA log at soft boot (Baoquan He) [RHEL-114162]
+- ima: kexec: skip IMA segment validation after kexec soft reboot (Baoquan He) [RHEL-114162]
+- kexec: define functions to map and unmap segments (Baoquan He) [RHEL-114162]
+- ima: define and call ima_alloc_kexec_file_buf() (Baoquan He) [RHEL-114162]
+- ima: rename variable the seq_file "file" to "ima_kexec_file" (Baoquan He) [RHEL-114162]
+- ima: kexec: silence RCU list traversal warning (Baoquan He) [RHEL-114162]
+- selftests/kexec: Add x86_64 selftest for kexec-jump and exception handling (Baoquan He) [RHEL-114162]
+- x86/kexec: Invalidate GDT/IDT from relocate_kernel() instead of earlier (Baoquan He) [RHEL-114162]
+- x86/kexec: Add 8250 MMIO serial port output (Baoquan He) [RHEL-114162]
+- x86/kexec: Add 8250 serial port output (Baoquan He) [RHEL-114162]
+- x86/early_printk: Harden early_serial (Baoquan He) [RHEL-114162]
+- x86/boot: Mark start_secondary() with __noendbr (Baoquan He) [RHEL-114162]
+- x86/kexec: Debugging support: Dump registers on exception (Baoquan He) [RHEL-114162]
+- x86/kexec: Debugging support: Load an IDT and basic exception entry points (Baoquan He) [RHEL-114162]
+- x86/kexec: Merge x86_32 and x86_64 code using macros from <asm/asm.h> (Baoquan He) [RHEL-114162]
+- kexec_core: accept unaccepted kexec segments' destination addresses (Baoquan He) [RHEL-114162]
+- powerpc/crash: use generic crashkernel reservation (Baoquan He) [RHEL-114162]
+- powerpc: insert System RAM resource to prevent crashkernel conflict (Baoquan He) [RHEL-114162]
+- powerpc/crash: preserve user-specified memory limit (Baoquan He) [RHEL-114162]
+- powerpc/crash: use generic APIs to locate memory hole for kdump (Baoquan He) [RHEL-114162]
+- crash: let arch decide usable memory range in reserved area (Baoquan He) [RHEL-114162]
+- crash: remove an unused argument from reserve_crashkernel_generic() (Baoquan He) [RHEL-114162]
+- kexec: initialize ELF lowest address to ULONG_MAX (Baoquan He) [RHEL-114162]
+- x86/kexec: Add relocate_kernel() debugging support: Load a GDT (Baoquan He) [RHEL-114162]
+- printk: Check CON_SUSPEND when unblanking a console (Baoquan He) [RHEL-114162]
+- printk: Rename console_start to console_resume (Baoquan He) [RHEL-114162]
+- printk: Rename console_stop to console_suspend (Baoquan He) [RHEL-114162]
+- printk: Rename resume_console to console_resume_all (Baoquan He) [RHEL-114162]
+- printk: Rename suspend_console to console_suspend_all (Baoquan He) [RHEL-114162]
+- crash: Remove KEXEC_CORE_NOTE_NAME (Baoquan He) [RHEL-114162]
+- s390/crash: Use note name macros (Baoquan He) [RHEL-114162]
+- s390/kdump: Provide is_kdump_kernel() implementation (Baoquan He) [RHEL-114162]
+- crash: Use note name macros (Baoquan He) [RHEL-114162]
+- proc/kcore: use percpu_rw_semaphore for kclist_lock (Baoquan He) [RHEL-114162]
+- proc/kcore: don't walk list on every read (Baoquan He) [RHEL-114162]
+- proc/kcore: mark proc entry as permanent (Baoquan He) [RHEL-114162]
+- powerpc/crash: Use note name macros (Baoquan He) [RHEL-114162]
+- binfmt_elf: Use note name macros (Baoquan He) [RHEL-114162]
+- elf: Define note name macros (Baoquan He) [RHEL-114162]
+- riscv: Allow ptrace control of the tagged address ABI (Baoquan He) [RHEL-114162]
+- x86/kexec: Use typedef for relocate_kernel_fn function prototype (Baoquan He) [RHEL-114162]
+- x86/kexec: Cope with relocate_kernel() not being at the start of the page (Baoquan He) [RHEL-114162]
+- kexec_core: Add and update comments regarding the KEXEC_JUMP flow (Baoquan He) [RHEL-114162]
+- x86/kexec: Mark machine_kexec() with __nocfi (Baoquan He) [RHEL-114162]
+- x86/kexec: Fix location of relocate_kernel with -ffunction-sections (Baoquan He) [RHEL-114162]
+- x86/kexec: Fix stack and handling of re-entry point for ::preserve_context (Baoquan He) [RHEL-114162]
+- x86/kexec: Use correct swap page in swap_pages function (Baoquan He) [RHEL-114162]
+- x86/kexec: Ensure preserve_context flag is set on return to kernel (Baoquan He) [RHEL-114162]
+- x86/kexec: Disable global pages before writing to control page (Baoquan He) [RHEL-114162]
+- x86: Fix build regression with CONFIG_KEXEC_JUMP enabled (Baoquan He) [RHEL-114162]
+- x86/kexec: Mark relocate_kernel page as ROX instead of RWX (Baoquan He) [RHEL-114162]
+- x86/kexec: Clean up register usage in relocate_kernel() (Baoquan He) [RHEL-114162]
+- x86/kexec: Eliminate writes through kernel mapping of relocate_kernel page (Baoquan He) [RHEL-114162]
+- x86/kexec: Drop page_list argument from relocate_kernel() (Baoquan He) [RHEL-114162]
+- x86/kexec: Add data section to relocate_kernel (Baoquan He) [RHEL-114162]
+- x86/kexec: Move relocate_kernel to kernel .data section (Baoquan He) [RHEL-114162]
+- x86/kexec: Invoke copy of relocate_kernel() instead of the original (Baoquan He) [RHEL-114162]
+- x86/kexec: Copy control page into place in machine_kexec_prepare() (Baoquan He) [RHEL-114162]
+- x86/kexec: Allocate PGD for x86_64 transition page tables separately (Baoquan He) [RHEL-114162]
+- x86/kexec: Only swap pages for ::preserve_context mode (Baoquan He) [RHEL-114162]
+- x86/kexec: Use named labels in swap_pages in relocate_kernel_64.S (Baoquan He) [RHEL-114162]
+- x86/kexec: Clean up and document register use in relocate_kernel_64.S (Baoquan He) [RHEL-114162]
+- x86/kexec: Restore GDT on return from ::preserve_context kexec (Baoquan He) [RHEL-114162]
+- fanotify: add watchdog for permission events (Miklos Szeredi) [RHEL-44601]
+- tmpfs: add support for multigrain timestamps (Carlos Maiolino) [RHEL-121527]
+- btrfs: convert to multigrain timestamps (Carlos Maiolino) [RHEL-121527]
+- ext4: switch to multigrain timestamps (Carlos Maiolino) [RHEL-121527]
+- xfs: switch to multigrain timestamps (Carlos Maiolino) [RHEL-121527]
+- Documentation: add a new file documenting multigrain timestamps (Carlos Maiolino) [RHEL-121527]
+- fs: add percpu counters for significant multigrain timestamp events (Carlos Maiolino) [RHEL-121527]
+- fs: tracepoints around multigrain timestamp events (Carlos Maiolino) [RHEL-121527]
+- fs: handle delegated timestamps in setattr_copy_mgtime (Carlos Maiolino) [RHEL-121527]
+- fs: have setattr_copy handle multigrain timestamps appropriately (Carlos Maiolino) [RHEL-121527]
+- fs: add infrastructure for multigrain timestamps (Carlos Maiolino) [RHEL-121527]
+- timekeeping: Add percpu counter for tracking floor swap events (Carlos Maiolino) [RHEL-121527]
+- timekeeping: Add interfaces for handling timestamps with a floor value (Carlos Maiolino) [RHEL-121527]
+- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Paolo Abeni) [RHEL-115580]
+- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Paolo Abeni) [RHEL-115580] {CVE-2025-39955}
+- tcp: fix __tcp_close() to only send RST when required (Paolo Abeni) [RHEL-115580]
+- net: fix segmentation after TCP/UDP fraglist GRO (Paolo Abeni) [RHEL-115580]
+- tcp: call tcp_measure_rcv_mss() for ooo packets (Paolo Abeni) [RHEL-115580]
+- tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range (Paolo Abeni) [RHEL-115580]
+- tcp: fix passive TFO socket having invalid NAPI ID (Paolo Abeni) [RHEL-115580]
+- tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior (Paolo Abeni) [RHEL-115580]
+- fs: writeback: fix use-after-free in __mark_inode_dirty() (CKI Backport Bot) [RHEL-117211] {CVE-2025-39866}
+Resolves: RHEL-114162, RHEL-115580, RHEL-117211, RHEL-121527, RHEL-44601
+
 * Fri Oct 31 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-150.el10]
 - redhat/configs: Re-enable Raspberry Pi support in automotive (Radu Rendec) [RHEL-122494]
 - spi: ljca: Remove Wentong's e-mail address (Mattijs Korpershoek) [RHEL-104570]
diff --git a/kernel.spec b/kernel.spec
index df9b4e3f3..a5bd90ec2 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -176,15 +176,15 @@ Summary: The Linux kernel
 %define specrpmversion 6.12.0
 %define specversion 6.12.0
 %define patchversion 6.12
-%define pkgrelease 150
+%define pkgrelease 151
 %define kversion 6
-%define tarfile_release 6.12.0-150.el10
+%define tarfile_release 6.12.0-151.el10
 # This is needed to do merge window version magic
 %define patchlevel 12
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 150%{?buildid}%{?dist}
+%define specrelease 151%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 6.12.0-150.el10
+%define kabiversion 6.12.0-151.el10
 
 # If this variable is set to 1, a bpf selftests build failure will cause a
 # fatal kernel package build error
@@ -4365,6 +4365,99 @@ fi\
 #
 #
 %changelog
+* Mon Nov 03 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-151.el10]
+- redhat/configs: set CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB default value (Baoquan He) [RHEL-114162]
+- kexec_file: use SHA-256 library API instead of crypto_shash API (Baoquan He) [RHEL-114162]
+- crash: fix spelling mistake "crahskernel" -> "crashkernel" (Baoquan He) [RHEL-114162]
+- ima: make the kexec extra memory configurable (Baoquan He) [RHEL-114162]
+- ima: verify if the segment size has changed (Baoquan He) [RHEL-114162]
+- ima: kexec: move IMA log copy from kexec load to execute (Baoquan He) [RHEL-114162]
+- ima: kexec: define functions to copy IMA log at soft boot (Baoquan He) [RHEL-114162]
+- ima: kexec: skip IMA segment validation after kexec soft reboot (Baoquan He) [RHEL-114162]
+- kexec: define functions to map and unmap segments (Baoquan He) [RHEL-114162]
+- ima: define and call ima_alloc_kexec_file_buf() (Baoquan He) [RHEL-114162]
+- ima: rename variable the seq_file "file" to "ima_kexec_file" (Baoquan He) [RHEL-114162]
+- ima: kexec: silence RCU list traversal warning (Baoquan He) [RHEL-114162]
+- selftests/kexec: Add x86_64 selftest for kexec-jump and exception handling (Baoquan He) [RHEL-114162]
+- x86/kexec: Invalidate GDT/IDT from relocate_kernel() instead of earlier (Baoquan He) [RHEL-114162]
+- x86/kexec: Add 8250 MMIO serial port output (Baoquan He) [RHEL-114162]
+- x86/kexec: Add 8250 serial port output (Baoquan He) [RHEL-114162]
+- x86/early_printk: Harden early_serial (Baoquan He) [RHEL-114162]
+- x86/boot: Mark start_secondary() with __noendbr (Baoquan He) [RHEL-114162]
+- x86/kexec: Debugging support: Dump registers on exception (Baoquan He) [RHEL-114162]
+- x86/kexec: Debugging support: Load an IDT and basic exception entry points (Baoquan He) [RHEL-114162]
+- x86/kexec: Merge x86_32 and x86_64 code using macros from <asm/asm.h> (Baoquan He) [RHEL-114162]
+- kexec_core: accept unaccepted kexec segments' destination addresses (Baoquan He) [RHEL-114162]
+- powerpc/crash: use generic crashkernel reservation (Baoquan He) [RHEL-114162]
+- powerpc: insert System RAM resource to prevent crashkernel conflict (Baoquan He) [RHEL-114162]
+- powerpc/crash: preserve user-specified memory limit (Baoquan He) [RHEL-114162]
+- powerpc/crash: use generic APIs to locate memory hole for kdump (Baoquan He) [RHEL-114162]
+- crash: let arch decide usable memory range in reserved area (Baoquan He) [RHEL-114162]
+- crash: remove an unused argument from reserve_crashkernel_generic() (Baoquan He) [RHEL-114162]
+- kexec: initialize ELF lowest address to ULONG_MAX (Baoquan He) [RHEL-114162]
+- x86/kexec: Add relocate_kernel() debugging support: Load a GDT (Baoquan He) [RHEL-114162]
+- printk: Check CON_SUSPEND when unblanking a console (Baoquan He) [RHEL-114162]
+- printk: Rename console_start to console_resume (Baoquan He) [RHEL-114162]
+- printk: Rename console_stop to console_suspend (Baoquan He) [RHEL-114162]
+- printk: Rename resume_console to console_resume_all (Baoquan He) [RHEL-114162]
+- printk: Rename suspend_console to console_suspend_all (Baoquan He) [RHEL-114162]
+- crash: Remove KEXEC_CORE_NOTE_NAME (Baoquan He) [RHEL-114162]
+- s390/crash: Use note name macros (Baoquan He) [RHEL-114162]
+- s390/kdump: Provide is_kdump_kernel() implementation (Baoquan He) [RHEL-114162]
+- crash: Use note name macros (Baoquan He) [RHEL-114162]
+- proc/kcore: use percpu_rw_semaphore for kclist_lock (Baoquan He) [RHEL-114162]
+- proc/kcore: don't walk list on every read (Baoquan He) [RHEL-114162]
+- proc/kcore: mark proc entry as permanent (Baoquan He) [RHEL-114162]
+- powerpc/crash: Use note name macros (Baoquan He) [RHEL-114162]
+- binfmt_elf: Use note name macros (Baoquan He) [RHEL-114162]
+- elf: Define note name macros (Baoquan He) [RHEL-114162]
+- riscv: Allow ptrace control of the tagged address ABI (Baoquan He) [RHEL-114162]
+- x86/kexec: Use typedef for relocate_kernel_fn function prototype (Baoquan He) [RHEL-114162]
+- x86/kexec: Cope with relocate_kernel() not being at the start of the page (Baoquan He) [RHEL-114162]
+- kexec_core: Add and update comments regarding the KEXEC_JUMP flow (Baoquan He) [RHEL-114162]
+- x86/kexec: Mark machine_kexec() with __nocfi (Baoquan He) [RHEL-114162]
+- x86/kexec: Fix location of relocate_kernel with -ffunction-sections (Baoquan He) [RHEL-114162]
+- x86/kexec: Fix stack and handling of re-entry point for ::preserve_context (Baoquan He) [RHEL-114162]
+- x86/kexec: Use correct swap page in swap_pages function (Baoquan He) [RHEL-114162]
+- x86/kexec: Ensure preserve_context flag is set on return to kernel (Baoquan He) [RHEL-114162]
+- x86/kexec: Disable global pages before writing to control page (Baoquan He) [RHEL-114162]
+- x86: Fix build regression with CONFIG_KEXEC_JUMP enabled (Baoquan He) [RHEL-114162]
+- x86/kexec: Mark relocate_kernel page as ROX instead of RWX (Baoquan He) [RHEL-114162]
+- x86/kexec: Clean up register usage in relocate_kernel() (Baoquan He) [RHEL-114162]
+- x86/kexec: Eliminate writes through kernel mapping of relocate_kernel page (Baoquan He) [RHEL-114162]
+- x86/kexec: Drop page_list argument from relocate_kernel() (Baoquan He) [RHEL-114162]
+- x86/kexec: Add data section to relocate_kernel (Baoquan He) [RHEL-114162]
+- x86/kexec: Move relocate_kernel to kernel .data section (Baoquan He) [RHEL-114162]
+- x86/kexec: Invoke copy of relocate_kernel() instead of the original (Baoquan He) [RHEL-114162]
+- x86/kexec: Copy control page into place in machine_kexec_prepare() (Baoquan He) [RHEL-114162]
+- x86/kexec: Allocate PGD for x86_64 transition page tables separately (Baoquan He) [RHEL-114162]
+- x86/kexec: Only swap pages for ::preserve_context mode (Baoquan He) [RHEL-114162]
+- x86/kexec: Use named labels in swap_pages in relocate_kernel_64.S (Baoquan He) [RHEL-114162]
+- x86/kexec: Clean up and document register use in relocate_kernel_64.S (Baoquan He) [RHEL-114162]
+- x86/kexec: Restore GDT on return from ::preserve_context kexec (Baoquan He) [RHEL-114162]
+- fanotify: add watchdog for permission events (Miklos Szeredi) [RHEL-44601]
+- tmpfs: add support for multigrain timestamps (Carlos Maiolino) [RHEL-121527]
+- btrfs: convert to multigrain timestamps (Carlos Maiolino) [RHEL-121527]
+- ext4: switch to multigrain timestamps (Carlos Maiolino) [RHEL-121527]
+- xfs: switch to multigrain timestamps (Carlos Maiolino) [RHEL-121527]
+- Documentation: add a new file documenting multigrain timestamps (Carlos Maiolino) [RHEL-121527]
+- fs: add percpu counters for significant multigrain timestamp events (Carlos Maiolino) [RHEL-121527]
+- fs: tracepoints around multigrain timestamp events (Carlos Maiolino) [RHEL-121527]
+- fs: handle delegated timestamps in setattr_copy_mgtime (Carlos Maiolino) [RHEL-121527]
+- fs: have setattr_copy handle multigrain timestamps appropriately (Carlos Maiolino) [RHEL-121527]
+- fs: add infrastructure for multigrain timestamps (Carlos Maiolino) [RHEL-121527]
+- timekeeping: Add percpu counter for tracking floor swap events (Carlos Maiolino) [RHEL-121527]
+- timekeeping: Add interfaces for handling timestamps with a floor value (Carlos Maiolino) [RHEL-121527]
+- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Paolo Abeni) [RHEL-115580]
+- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Paolo Abeni) [RHEL-115580] {CVE-2025-39955}
+- tcp: fix __tcp_close() to only send RST when required (Paolo Abeni) [RHEL-115580]
+- net: fix segmentation after TCP/UDP fraglist GRO (Paolo Abeni) [RHEL-115580]
+- tcp: call tcp_measure_rcv_mss() for ooo packets (Paolo Abeni) [RHEL-115580]
+- tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range (Paolo Abeni) [RHEL-115580]
+- tcp: fix passive TFO socket having invalid NAPI ID (Paolo Abeni) [RHEL-115580]
+- tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior (Paolo Abeni) [RHEL-115580]
+- fs: writeback: fix use-after-free in __mark_inode_dirty() (CKI Backport Bot) [RHEL-117211] {CVE-2025-39866}
+
 * Fri Oct 31 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-150.el10]
 - redhat/configs: Re-enable Raspberry Pi support in automotive (Radu Rendec) [RHEL-122494]
 - spi: ljca: Remove Wentong's e-mail address (Mattijs Korpershoek) [RHEL-104570]
diff --git a/sources b/sources
index 797937cf0..cf67ccb40 100644
--- a/sources
+++ b/sources
@@ -1,5 +1,5 @@
 SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd
 SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6
-SHA512 (linux-6.12.0-150.el10.tar.xz) = e9f081bac97871dc2e8789483bc2b737f0299115d7d24a2175ea5a302c1a6700fec0691064305dc41d0c8db0ca7df031306e100282e80241d1c34ab5388a6d5f
-SHA512 (kernel-abi-stablelists-6.12.0-150.el10.tar.xz) = 8323bd906b4e4fa2f9b6e0208d844d7df2f98dca8e8b5c6e8185ef714b832ec9eb58aef106562b9ab3bf47f4e090c7e875a176d24961eb289d759de84ea76f34
-SHA512 (kernel-kabi-dw-6.12.0-150.el10.tar.xz) = c4fc19d2b2a6bdafaeed660fcc205261468b8a965858667aee180e9de26b7aab08abfdcbb6c602ab6fbe3cd803bc1500dca168a8fffeea25137608c999b2c576
+SHA512 (linux-6.12.0-151.el10.tar.xz) = ffa7eaf342c21f654d267d6aeb8a139c3f9d8c66258ac76030d5e6840cee46764c56e3f52ec584a0be1c8a6cea47fc57f0474a6014690a20bd4472268e0f7763
+SHA512 (kernel-abi-stablelists-6.12.0-151.el10.tar.xz) = d229f0519ba12cb8b93af9fed88ae3ce6783e5e9b3ca038af5607c7fda20f4e3cfc4226cb14162e24981adcee021a684e5debaf9b139748ce16f296265e8999c
+SHA512 (kernel-kabi-dw-6.12.0-151.el10.tar.xz) = 911ad565c772fd1a229c2cb5cbb8f863479f5695794d942536600e1dff7d449239c5b5191067184bd29cb66ed2ef29662638aa4d5014c156682e49808bc9e7f5