diff --git a/.gitignore b/.gitignore
index 484a2a1f7..50246cdfe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
-SOURCES/kernel-abi-stablelists-5.14.0-611.42.1.el9_7.tar.bz2
-SOURCES/kernel-kabi-dw-5.14.0-611.42.1.el9_7.tar.bz2
-SOURCES/linux-5.14.0-611.42.1.el9_7.tar.xz
+SOURCES/kernel-abi-stablelists-5.14.0-611.45.1.el9_7.tar.bz2
+SOURCES/kernel-kabi-dw-5.14.0-611.45.1.el9_7.tar.bz2
+SOURCES/linux-5.14.0-611.45.1.el9_7.tar.xz
 SOURCES/nvidiagpuoot001.x509
 SOURCES/olima1.x509
 SOURCES/olimaca1.x509
diff --git a/.kernel.metadata b/.kernel.metadata
index 30eca7dc0..ddf033b83 100644
--- a/.kernel.metadata
+++ b/.kernel.metadata
@@ -1,6 +1,6 @@
-8fee2d9a05f039b5fd410a84e8aaa3031e3067c8 SOURCES/kernel-abi-stablelists-5.14.0-611.42.1.el9_7.tar.bz2
-0c55bb9efc3abf3323a66b84a493fc624cb4b03e SOURCES/kernel-kabi-dw-5.14.0-611.42.1.el9_7.tar.bz2
-fd72c8173751582ebb642143226becc14b4ca770 SOURCES/linux-5.14.0-611.42.1.el9_7.tar.xz
+6e96492b1f137d72c09f3aafabf83bcd26198974 SOURCES/kernel-abi-stablelists-5.14.0-611.45.1.el9_7.tar.bz2
+48d08e8831ddd7e34151433a0730613c9dac910a SOURCES/kernel-kabi-dw-5.14.0-611.45.1.el9_7.tar.bz2
+9bb89390b6601d8242f9e6576795cd014b1f3cee SOURCES/linux-5.14.0-611.45.1.el9_7.tar.xz
 4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509
 706ae01dd14efa38f0f565a3706acac19c78df02 SOURCES/olima1.x509
 6e3f0d61414c0b50f48dc2d4c3b3cd024e1c3a43 SOURCES/olimaca1.x509
diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver
index b86cca9b6..6cb4fc9d6 100644
--- a/SOURCES/Makefile.rhelver
+++ b/SOURCES/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 7
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 611.42.1
+RHEL_RELEASE = 611.45.1
 
 #
 # ZSTREAM
diff --git a/SOURCES/kernel.changelog b/SOURCES/kernel.changelog
index 744d9891e..da2b47a52 100644
--- a/SOURCES/kernel.changelog
+++ b/SOURCES/kernel.changelog
@@ -1,3 +1,33 @@
+* Sat Mar 21 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.45.1.el9_7]
+- net/sched: cls_u32: use skb_header_pointer_careful() (Paolo Abeni) [RHEL-150403] {CVE-2026-23204}
+- net: add skb_header_pointer_careful() helper (Paolo Abeni) [RHEL-150403]
+- iommu: Skip PASID validation for devices without PASID capability (Eder Zulian) [RHEL-95264]
+Resolves: RHEL-150403, RHEL-95264
+
+* Thu Mar 19 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.44.1.el9_7]
+- nfsd: add list_head nf_gc to struct nfsd_file (Roberto Bergantinos Corpas) [RHEL-152551]
+- redhat: genlog: add new JIRA cloud server hostname (Jan Stancek)
+- smb: client: fix oops due to uninitialised var in smb2_unlink() (Paulo Alcantara) [RHEL-154395]
+- cifs: some missing initializations on replay (Paulo Alcantara) [RHEL-154395]
+- smb: client: fix potential UAF and double free in smb2_open_file() (Paulo Alcantara) [RHEL-154395]
+- smb/client: fix memory leak in smb2_open_file() (Paulo Alcantara) [RHEL-154395]
+- smb: client: split cached_fid bitfields to avoid shared-byte RMW races (Paulo Alcantara) [RHEL-154395]
+- bonding: fix use-after-free due to enslave fail after slave array update (CKI Backport Bot) [RHEL-152383] {CVE-2026-23171}
+- mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CKI Backport Bot) [RHEL-150477] {CVE-2026-23144}
+- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Hangbin Liu) [RHEL-150226]
+- macvlan: fix error recovery in macvlan_common_newlink() (CKI Backport Bot) [RHEL-150226] {CVE-2026-23209}
+- dpll: zl3073x: Fix output pin phase adjustment sign (CKI Backport Bot) [RHEL-149764]
+- scsi: s390: zfcp: Ensure synchronous unit_add (CKI Backport Bot) [RHEL-143736]
+Resolves: RHEL-143736, RHEL-149764, RHEL-150226, RHEL-150477, RHEL-152383, RHEL-152551, RHEL-154395
+
+* Tue Mar 17 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.43.1.el9_7]
+- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CKI Backport Bot) [RHEL-150422] {CVE-2026-23193}
+- ALSA: aloop: Fix racy access at PCM trigger (CKI Backport Bot) [RHEL-150130] {CVE-2026-23191}
+- net: atm: fix /proc/net/atm/lec handling (Hangbin Liu) [RHEL-146421] {CVE-2025-38180}
+- net: atm: add lec_mutex (Hangbin Liu) [RHEL-146421] {CVE-2025-38323}
+- drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (Mika Penttilä) [RHEL-125460] {CVE-2025-40096}
+Resolves: RHEL-125460, RHEL-146421, RHEL-150130, RHEL-150422
+
 * Thu Mar 12 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.42.1.el9_7]
 - scsi: qla2xxx: Allow recovery for tape devices (Ewan D. Milne) [RHEL-153437]
 - xfs: set max_agbno to allow sparse alloc of last full inode chunk (Brian Foster) [RHEL-142600]
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 82b47095b..cc8650437 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 611.42.1
+%define pkgrelease 611.45.1
 %define kversion 5
-%define tarfile_release 5.14.0-611.42.1.el9_7
+%define tarfile_release 5.14.0-611.45.1.el9_7
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 611.42.1%{?buildid}%{?dist}
+%define specrelease 611.45.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-611.42.1.el9_7
+%define kabiversion 5.14.0-611.45.1.el9_7
 
 #
 # End of genspec.sh variables
@@ -3771,7 +3771,7 @@ fi
 #
 #
 %changelog
-* Tue Mar 24 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-611.42.1
+* Wed Apr 01 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-611.45.1
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@@ -3782,11 +3782,38 @@ fi
 - kernel/rh_messages.h: enable all disabled pci devices by moving to
   unmaintained
 
-* Tue Mar 24 2026 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-611.42.1
+* Wed Apr 01 2026 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-611.45.1
 - Use AlmaLinux OS secure boot cert
 - Debrand for AlmaLinux OS
 - Add KVM support for ppc64le
 
+* Sat Mar 21 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.45.1.el9_7]
+- net/sched: cls_u32: use skb_header_pointer_careful() (Paolo Abeni) [RHEL-150403] {CVE-2026-23204}
+- net: add skb_header_pointer_careful() helper (Paolo Abeni) [RHEL-150403]
+- iommu: Skip PASID validation for devices without PASID capability (Eder Zulian) [RHEL-95264]
+
+* Thu Mar 19 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.44.1.el9_7]
+- nfsd: add list_head nf_gc to struct nfsd_file (Roberto Bergantinos Corpas) [RHEL-152551]
+- redhat: genlog: add new JIRA cloud server hostname (Jan Stancek)
+- smb: client: fix oops due to uninitialised var in smb2_unlink() (Paulo Alcantara) [RHEL-154395]
+- cifs: some missing initializations on replay (Paulo Alcantara) [RHEL-154395]
+- smb: client: fix potential UAF and double free in smb2_open_file() (Paulo Alcantara) [RHEL-154395]
+- smb/client: fix memory leak in smb2_open_file() (Paulo Alcantara) [RHEL-154395]
+- smb: client: split cached_fid bitfields to avoid shared-byte RMW races (Paulo Alcantara) [RHEL-154395]
+- bonding: fix use-after-free due to enslave fail after slave array update (CKI Backport Bot) [RHEL-152383] {CVE-2026-23171}
+- mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CKI Backport Bot) [RHEL-150477] {CVE-2026-23144}
+- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Hangbin Liu) [RHEL-150226]
+- macvlan: fix error recovery in macvlan_common_newlink() (CKI Backport Bot) [RHEL-150226] {CVE-2026-23209}
+- dpll: zl3073x: Fix output pin phase adjustment sign (CKI Backport Bot) [RHEL-149764]
+- scsi: s390: zfcp: Ensure synchronous unit_add (CKI Backport Bot) [RHEL-143736]
+
+* Tue Mar 17 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.43.1.el9_7]
+- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CKI Backport Bot) [RHEL-150422] {CVE-2026-23193}
+- ALSA: aloop: Fix racy access at PCM trigger (CKI Backport Bot) [RHEL-150130] {CVE-2026-23191}
+- net: atm: fix /proc/net/atm/lec handling (Hangbin Liu) [RHEL-146421] {CVE-2025-38180}
+- net: atm: add lec_mutex (Hangbin Liu) [RHEL-146421] {CVE-2025-38323}
+- drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (Mika Penttilä) [RHEL-125460] {CVE-2025-40096}
+
 * Thu Mar 12 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.42.1.el9_7]
 - scsi: qla2xxx: Allow recovery for tape devices (Ewan D. Milne) [RHEL-153437]
 - xfs: set max_agbno to allow sparse alloc of last full inode chunk (Brian Foster) [RHEL-142600]