diff --git a/Makefile.rhelver b/Makefile.rhelver
index 1b64e083f..8702f9924 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 5
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 477
+RHEL_RELEASE = 478
 
 #
 # ZSTREAM
diff --git a/kernel.changelog b/kernel.changelog
index c70d66cd6..6b37a87e8 100644
--- a/kernel.changelog
+++ b/kernel.changelog
@@ -1,3 +1,27 @@
+* Tue Jul 09 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-478.el9]
+- netfilter: conntrack: switch connlabels to atomic_t (Xin Long) [RHEL-28816]
+- sched: act_ct: add netns into the key of tcf_ct_flow_table (Xin Long) [RHEL-28816]
+- stm class: Fix a double free in stm_register_device() (David Arcari) [RHEL-44520] {CVE-2024-38627}
+- lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (cki-backport-bot) [RHEL-44261] {CVE-2024-38543}
+- netfilter: complete validation of user input (Phil Sutter) [RHEL-37212] {CVE-2024-35896}
+- netfilter: validate user input for expected length (Phil Sutter) [RHEL-37212] {CVE-2024-35896}
+- xfs: fix reloading entire unlinked bucket lists (Pavel Reichl) [RHEL-7990]
+- xfs: make inode unlinked bucket recovery work with quotacheck (Pavel Reichl) [RHEL-7990]
+- xfs: reload entire unlinked bucket lists (Pavel Reichl) [RHEL-7990]
+- xfs: use i_prev_unlinked to distinguish inodes that are not on the unlinked list (Pavel Reichl) [RHEL-7990]
+- xfs: load uncached unlinked inodes into memory on demand (Pavel Reichl) [RHEL-7990]
+- netfilter: nf_tables: Implement table adoption support (Phil Sutter) [RHEL-32120]
+- netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST (Phil Sutter) [RHEL-32120]
+- netfilter: uapi: Document NFT_TABLE_F_OWNER flag (Phil Sutter) [RHEL-32120]
+- net: core: reject skb_copy(_expand) for fraglist GSO skbs (Xin Long) [RHEL-39781] {CVE-2024-36929}
+- net: relax socket state check at accept time. (Florian Westphal) [RHEL-39833]
+- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (Florian Westphal) [RHEL-39833] {CVE-2024-36905}
+- ppdev: Add an error check in register_device (Steve Best) [RHEL-39127] {CVE-2024-36015}
+- ppdev: Remove usage of the deprecated ida_simple_xx() API (Steve Best) [RHEL-39127] {CVE-2024-36015}
+- hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-37725] {CVE-2021-47384}
+- of: module: prevent NULL pointer dereference in vsnprintf() (Steve Best) [RHEL-37254] {CVE-2024-35878}
+Resolves: RHEL-28816, RHEL-32120, RHEL-37212, RHEL-37254, RHEL-37725, RHEL-39127, RHEL-39781, RHEL-39833, RHEL-44261, RHEL-44520, RHEL-7990
+
 * Mon Jul 08 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-477.el9]
 - KEYS: trusted: Fix memory leak in tpm2_key_encode() (CKI Backport Bot) [RHEL-41151] {CVE-2024-36967}
 - mm/zswap: invalidate duplicate entry when !zswap_enabled (Rafael Aquini) [RHEL-40684]
diff --git a/kernel.spec b/kernel.spec
index b1f36b76b..f0bf89846 100755
--- a/kernel.spec
+++ b/kernel.spec
@@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 477
+%define pkgrelease 478
 %define kversion 5
-%define tarfile_release 5.14.0-477.el9
+%define tarfile_release 5.14.0-478.el9
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 477%{?buildid}%{?dist}
+%define specrelease 478%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-477.el9
+%define kabiversion 5.14.0-478.el9
 
 #
 # End of genspec.sh variables
@@ -3747,6 +3747,29 @@ fi
 #
 #
 %changelog
+* Tue Jul 09 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-478.el9]
+- netfilter: conntrack: switch connlabels to atomic_t (Xin Long) [RHEL-28816]
+- sched: act_ct: add netns into the key of tcf_ct_flow_table (Xin Long) [RHEL-28816]
+- stm class: Fix a double free in stm_register_device() (David Arcari) [RHEL-44520] {CVE-2024-38627}
+- lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (cki-backport-bot) [RHEL-44261] {CVE-2024-38543}
+- netfilter: complete validation of user input (Phil Sutter) [RHEL-37212] {CVE-2024-35896}
+- netfilter: validate user input for expected length (Phil Sutter) [RHEL-37212] {CVE-2024-35896}
+- xfs: fix reloading entire unlinked bucket lists (Pavel Reichl) [RHEL-7990]
+- xfs: make inode unlinked bucket recovery work with quotacheck (Pavel Reichl) [RHEL-7990]
+- xfs: reload entire unlinked bucket lists (Pavel Reichl) [RHEL-7990]
+- xfs: use i_prev_unlinked to distinguish inodes that are not on the unlinked list (Pavel Reichl) [RHEL-7990]
+- xfs: load uncached unlinked inodes into memory on demand (Pavel Reichl) [RHEL-7990]
+- netfilter: nf_tables: Implement table adoption support (Phil Sutter) [RHEL-32120]
+- netfilter: nf_tables: Introduce NFT_TABLE_F_PERSIST (Phil Sutter) [RHEL-32120]
+- netfilter: uapi: Document NFT_TABLE_F_OWNER flag (Phil Sutter) [RHEL-32120]
+- net: core: reject skb_copy(_expand) for fraglist GSO skbs (Xin Long) [RHEL-39781] {CVE-2024-36929}
+- net: relax socket state check at accept time. (Florian Westphal) [RHEL-39833]
+- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (Florian Westphal) [RHEL-39833] {CVE-2024-36905}
+- ppdev: Add an error check in register_device (Steve Best) [RHEL-39127] {CVE-2024-36015}
+- ppdev: Remove usage of the deprecated ida_simple_xx() API (Steve Best) [RHEL-39127] {CVE-2024-36015}
+- hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-37725] {CVE-2021-47384}
+- of: module: prevent NULL pointer dereference in vsnprintf() (Steve Best) [RHEL-37254] {CVE-2024-35878}
+
 * Mon Jul 08 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-477.el9]
 - KEYS: trusted: Fix memory leak in tpm2_key_encode() (CKI Backport Bot) [RHEL-41151] {CVE-2024-36967}
 - mm/zswap: invalidate duplicate entry when !zswap_enabled (Rafael Aquini) [RHEL-40684]
diff --git a/sources b/sources
index 567fb8948..2894ff609 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-5.14.0-477.el9.tar.xz) = 76f1083226ea75edf2c60400f468d95f1d5679bbe1fc917ecca682980e78d48d0dc8806667e0bb6840594a9bad74f20feee5e61c0af6003b752912a0bcd33f7c
-SHA512 (kernel-abi-stablelists-5.14.0-477.el9.tar.bz2) = 304d7e9b419025d4559c413989ecca6c47467e646750b889cf8681e9f9d372e6ce0aeadc2ea7c9b304016280ee776c77d8550e34b4c8262be2bc178fe807fa26
-SHA512 (kernel-kabi-dw-5.14.0-477.el9.tar.bz2) = f457713ced0439861c4afb630f3f9a9c70ca92a9a9b5df963dfd843ba7f63d96eee6a43a998be8a328b19178d806c465f2f129104b17fc848c84c4cd22492963
+SHA512 (linux-5.14.0-478.el9.tar.xz) = 9de8e409352536d1850a0fe9255e43e0b84f2edb119efe2900057c4031cf7657463305d0a3aae54c3be4c9d24c7548b657a9267b01f14957f85d26509011c005
+SHA512 (kernel-abi-stablelists-5.14.0-478.el9.tar.bz2) = 3fd4bafee9611aa41f3804ee5526a67937531082240c7358a608c748e1699b0ae1042f691076c1b307caf2562b14c630340bf0f396d1abe9457904f600717286
+SHA512 (kernel-kabi-dw-5.14.0-478.el9.tar.bz2) = f457713ced0439861c4afb630f3f9a9c70ca92a9a9b5df963dfd843ba7f63d96eee6a43a998be8a328b19178d806c465f2f129104b17fc848c84c4cd22492963