diff --git a/Makefile.rhelver b/Makefile.rhelver
index 14833fe1a..38688c5a3 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 8
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 659
+RHEL_RELEASE = 660
 
 #
 # ZSTREAM
diff --git a/kernel.changelog b/kernel.changelog
index 3c7202318..ad462e33f 100644
--- a/kernel.changelog
+++ b/kernel.changelog
@@ -1,3 +1,27 @@
+* Thu Jan 15 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-660.el9]
+- bpf, arm64: Do not audit capability check in do_jit() (CKI Backport Bot) [RHEL-126125]
+- vsock: Ignore signal/timeout on connect() if already established (CKI Backport Bot) [RHEL-139285] {CVE-2025-40248}
+- x86/sev: Guard sev_evict_cache() with CONFIG_AMD_MEM_ENCRYPT (Paolo Bonzini) [RHEL-32892]
+- x86/sev: Evict cache lines during SNP memory validation (Paolo Bonzini) [RHEL-32892]
+- HID: intel-ish-hid: Fix -Wcast-function-type-strict in devm_ishtp_alloc_workqueue() (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-hid: ipc: Separate hibernate callbacks in dev_pm_ops (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-hid: Use IPC RESET instead of void message in ish_wakeup() (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-hid: ipc: Always schedule FW reset work on RESET_NOTIFY/ACK (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-ipc: Reset clients state on resume from D3 (Tony Camuso) [RHEL-136560]
+- HID: intel-ishtp-hid: Clear suspended flag only after connected on resume (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-hid: Add ishtp_get_connection_state() interface (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-hid: Use dedicated unbound workqueues to prevent resume blocking (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-ipc: Remove redundant ready check after timeout function (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-hid: Increase ISHTP resume ack timeout to 300ms (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-hid: ipc: Add Wildcat Lake PCI device ID (Tony Camuso) [RHEL-136560]
+- hid: intel-ish-hid: Use PCI_DEVICE_DATA() macro for ISH device table (Tony Camuso) [RHEL-136560]
+- cifs: Fix deadlock in cifs_writepages during reconnect (Paulo Alcantara) [RHEL-132486]
+- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (CKI Backport Bot) [RHEL-131972] {CVE-2025-37819}
+- time/timecounter: Fix the lie that struct cyclecounter is const (Ivan Vecera) [RHEL-127559]
+- Bluetooth: ISO: Fix possible UAF on iso_conn_free (CKI Backport Bot) [RHEL-128894] {CVE-2025-40141}
+- ice: ice_adapter: release xa entry on adapter allocation failure (CKI Backport Bot) [RHEL-128470] {CVE-2025-40185}
+Resolves: RHEL-126125, RHEL-127559, RHEL-128470, RHEL-128894, RHEL-131972, RHEL-132486, RHEL-136560, RHEL-139285, RHEL-32892
+
 * Wed Jan 14 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-659.el9]
 - mm: hugetlb: avoid soft lockup when mprotect to large memory area (Luiz Capitulino) [RHEL-139899]
 - net: atlantic: fix fragment overflow handling in RX path (CKI Backport Bot) [RHEL-139488] {CVE-2025-68301}
diff --git a/kernel.spec b/kernel.spec
index 6fd545ab2..2989badb0 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -176,15 +176,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 659
+%define pkgrelease 660
 %define kversion 5
-%define tarfile_release 5.14.0-659.el9
+%define tarfile_release 5.14.0-660.el9
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 659%{?buildid}%{?dist}
+%define specrelease 660%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-659.el9
+%define kabiversion 5.14.0-660.el9
 
 #
 # End of genspec.sh variables
@@ -3703,6 +3703,29 @@ fi
 #
 #
 %changelog
+* Thu Jan 15 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-660.el9]
+- bpf, arm64: Do not audit capability check in do_jit() (CKI Backport Bot) [RHEL-126125]
+- vsock: Ignore signal/timeout on connect() if already established (CKI Backport Bot) [RHEL-139285] {CVE-2025-40248}
+- x86/sev: Guard sev_evict_cache() with CONFIG_AMD_MEM_ENCRYPT (Paolo Bonzini) [RHEL-32892]
+- x86/sev: Evict cache lines during SNP memory validation (Paolo Bonzini) [RHEL-32892]
+- HID: intel-ish-hid: Fix -Wcast-function-type-strict in devm_ishtp_alloc_workqueue() (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-hid: ipc: Separate hibernate callbacks in dev_pm_ops (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-hid: Use IPC RESET instead of void message in ish_wakeup() (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-hid: ipc: Always schedule FW reset work on RESET_NOTIFY/ACK (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-ipc: Reset clients state on resume from D3 (Tony Camuso) [RHEL-136560]
+- HID: intel-ishtp-hid: Clear suspended flag only after connected on resume (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-hid: Add ishtp_get_connection_state() interface (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-hid: Use dedicated unbound workqueues to prevent resume blocking (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-ipc: Remove redundant ready check after timeout function (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-hid: Increase ISHTP resume ack timeout to 300ms (Tony Camuso) [RHEL-136560]
+- HID: intel-ish-hid: ipc: Add Wildcat Lake PCI device ID (Tony Camuso) [RHEL-136560]
+- hid: intel-ish-hid: Use PCI_DEVICE_DATA() macro for ISH device table (Tony Camuso) [RHEL-136560]
+- cifs: Fix deadlock in cifs_writepages during reconnect (Paulo Alcantara) [RHEL-132486]
+- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (CKI Backport Bot) [RHEL-131972] {CVE-2025-37819}
+- time/timecounter: Fix the lie that struct cyclecounter is const (Ivan Vecera) [RHEL-127559]
+- Bluetooth: ISO: Fix possible UAF on iso_conn_free (CKI Backport Bot) [RHEL-128894] {CVE-2025-40141}
+- ice: ice_adapter: release xa entry on adapter allocation failure (CKI Backport Bot) [RHEL-128470] {CVE-2025-40185}
+
 * Wed Jan 14 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-659.el9]
 - mm: hugetlb: avoid soft lockup when mprotect to large memory area (Luiz Capitulino) [RHEL-139899]
 - net: atlantic: fix fragment overflow handling in RX path (CKI Backport Bot) [RHEL-139488] {CVE-2025-68301}
diff --git a/sources b/sources
index 0e987b4ad..ef0d497af 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-5.14.0-659.el9.tar.xz) = 5976d592d9a510990b1c4436cb8936ca060bed8ed7c7d0b32011d7c44a0c2f9e0ddcfd7fbbf6aa0a1cf1922ee8bd5c5e091570371aa2673490b2dface940f302
-SHA512 (kernel-abi-stablelists-5.14.0-659.el9.tar.bz2) = 5a5a33cedf11a205d4f037e27f05c373acaa7445437b96b9edada9f60d1ccc756a2aa12c121d783d1959e21bc6d603850dc5b4b95b8c340cec9b82162cab287b
-SHA512 (kernel-kabi-dw-5.14.0-659.el9.tar.bz2) = 0db642ffd80acf80e2a2045880d208abdcdd15ee1cd055188328f15e7a2dd64d725032ce498e43b79928c2014f8b0d19323fe3d10c66da2b95ad735a7fc010ac
+SHA512 (linux-5.14.0-660.el9.tar.xz) = f2f58ec80406522c97ce844d356a1ad74cb9aa37c82164c4290689f0292ced0433c3b8d25adef139c7155db1b4e607b4535871fb85e96e17b2e07ba988437faf
+SHA512 (kernel-abi-stablelists-5.14.0-660.el9.tar.bz2) = b8eea95cd2fb7531f8e070e51a631823ae87936afdf9742df1ceef3f343b3fa5750fdce5f416beb6472796387601f470d2a6fe65674d4a74ed16293512a6d1fc
+SHA512 (kernel-kabi-dw-5.14.0-660.el9.tar.bz2) = e1f1e48a500b71e283fa69389338c327f98e92fa882920ae01759df8199885cdb5edcac27a6570926600cf285b02fa3df1db98e3db99a29623d04010a57019c7