diff --git a/kernel.spec b/kernel.spec
index 4b37c5755..049ec386a 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.16.1.el8_10
+%define pkgrelease 553.17.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.16.1%{?dist}
+%define specrelease 553.17.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2696,6 +2696,93 @@ fi
 #
 #
 %changelog
+* Wed Aug 07 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.17.1.el8_10]
+- kyber: fix out of bounds access when preempted (Ming Lei) [RHEL-27258] {CVE-2021-46984}
+- vfs: don't mod negative dentry count when on shrinker list (Brian Foster) [RHEL-35874]
+- fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (Brian Foster) [RHEL-35874]
+- fbmem: Do not delete the mode that is still in use (CKI Backport Bot) [RHEL-37796] {CVE-2021-47338}
+- netpoll: Fix race condition in netpoll_owner_active (CKI Backport Bot) [RHEL-49361] {CVE-2024-41005}
+- firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Mark Salter) [RHEL-43702] {CVE-2021-47609}
+- ipv6: prevent possible NULL dereference in rt6_probe() (Guillaume Nault) [RHEL-48149] {CVE-2024-40960}
+- HID: i2c-hid-of: fix NULL-deref on failed power up (CKI Backport Bot) [RHEL-31598] {CVE-2024-26717}
+- cpufreq: amd-pstate: fix memory leak on CPU EPP exit (CKI Backport Bot) [RHEL-48489] {CVE-2024-40997}
+- x86/mm/pat: fix VM_PAT handling in COW mappings (Chris von Recklinghausen) [RHEL-37258] {CVE-2024-35877}
+- PCI/PM: Drain runtime-idle callbacks before driver removal (Myron Stowe) [RHEL-42937] {CVE-2024-35809}
+- PCI: Drop pci_device_remove() test of pci_dev->driver (Myron Stowe) [RHEL-42937] {CVE-2024-35809}
+- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (Mika Penttilä) [RHEL-26909] {CVE-2023-52470}
+- USB: core: Fix hang in usb_kill_urb by adding memory barriers (Desnes Nunes) [RHEL-43979] {CVE-2022-48760}
+- cifs: fix bad fids sent over wire (Paulo Alcantara) [RHEL-52517]
+- smb3: add additional null check in SMB311_posix_mkdir (Paulo Alcantara) [RHEL-52517]
+- smb3: add additional null check in SMB2_tcon (Paulo Alcantara) [RHEL-52517]
+- smb3: add additional null check in SMB2_open (Paulo Alcantara) [RHEL-52517]
+- smb3: add additional null check in SMB2_ioctl (Paulo Alcantara) [RHEL-52517]
+- selftests: forwarding: devlink_lib: Wait for udev events after reloading (Mark Langsdorf) [RHEL-47642] {CVE-2024-39501}
+- drivers: core: synchronize really_probe() and dev_uevent() (Mark Langsdorf) [RHEL-47642] {CVE-2024-39501}
+- udp: do not accept non-tunnel GSO skbs landing in a tunnel (Xin Long) [RHEL-42997] {CVE-2024-35884}
+- filelock: Remove locks reliably when fcntl/close race is detected (Bill O'Donnell) [RHEL-50170] {CVE-2024-41012}
+- Input: add bounds checking to input_set_capability() (Benjamin Tissoires) [RHEL-21413] {CVE-2022-48619}
+- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CKI Backport Bot) [RHEL-48130] {CVE-2024-40959}
+- blk-cgroup: fix list corruption from reorder of WRITE ->lqueued (Ming Lei) [RHEL-33695]
+- blk-cgroup: fix list corruption from resetting io stat (Ming Lei) [RHEL-33695]
+- net: do not leave a dangling sk pointer, when socket creation fails (CKI Backport Bot) [RHEL-48060] {CVE-2024-40954}
+- perf/x86/lbr: Filter vsyscall addresses (Michael Petlan) [RHEL-28991] {CVE-2023-52476}
+- vmci: prevent speculation leaks by sanitizing event in event_deliver() (CKI Backport Bot) [RHEL-47678] {CVE-2024-39499}
+- serial: core: fix transmit-buffer reset and memleak (Steve Best) [RHEL-38731] {CVE-2021-47527}
+- powerpc/pseries: Whitelist dtl slub object for copying to userspace (Mamatha Inamdar) [RHEL-51236] {CVE-2024-41065}
+- powerpc/eeh: avoid possible crash when edev->pdev changes (Mamatha Inamdar) [RHEL-51220] {CVE-2024-41064}
+- x86: stop playing stack games in profile_pc() (Steve Best) [RHEL-51643] {CVE-2024-42096}
+- mptcp: ensure snd_una is properly initialized on connect (Florian Westphal) [RHEL-47933 RHEL-47934] {CVE-2024-40931}
+- liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (CKI Backport Bot) [RHEL-47492] {CVE-2024-39506}
+- tun: add missing verification for short frame (Patrick Talbert) [RHEL-50194] {CVE-2024-41091}
+- tap: add missing verification for short frame (Patrick Talbert) [RHEL-50279] {CVE-2024-41090}
+- usb-storage: alauda: Check whether the media is initialized (Desnes Nunes) [RHEL-43708] {CVE-2024-38619}
+- usb-storage: alauda: Fix uninit-value in alauda_check_media() (Desnes Nunes) [RHEL-43708] {CVE-2024-38619}
+- hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-37723] {CVE-2021-47384}
+- block: fix that util can be greater than 100%% (Ming Lei) [RHEL-23074]
+- block: support to account io_ticks precisely (Ming Lei) [RHEL-23074]
+- watchdog: Fix possible use-after-free by calling del_timer_sync() (Steve Best) [RHEL-38795] {CVE-2021-47321}
+- hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-37719] {CVE-2021-47385}
+- mlxsw: spectrum: Protect driver from buggy firmware (CKI Backport Bot) [RHEL-42245] {CVE-2021-47560}
+- mlxsw: Verify the accessed index doesn't exceed the array length (CKI Backport Bot) [RHEL-42245] {CVE-2021-47560}
+- dm: call the resume method on internal suspend (Benjamin Marzinski) [RHEL-41835] {CVE-2024-26880}
+- tty: Fix out-of-bound vmalloc access in imageblit (Steve Best) [RHEL-37727] {CVE-2021-47383}
+- hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-37715] {CVE-2021-47386}
+- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (Steve Best) [RHEL-37710] {CVE-2021-47393}
+- nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells (Steve Best) [RHEL-38436] {CVE-2021-47497}
+- driver core: auxiliary bus: Fix memory leak when driver_register() fail (Steve Best) [RHEL-37901] {CVE-2021-47287}
+- phylib: fix potential use-after-free (cki-backport-bot) [RHEL-43764] {CVE-2022-48754}
+- ptp: Fix possible memory leak in ptp_clock_register() (Hangbin Liu) [RHEL-38424] {CVE-2021-47455}
+- NFSv4: Fix memory leak in nfs4_set_security_label (CKI Backport Bot) [RHEL-51315] {CVE-2024-41076}
+- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (CKI Backport Bot) [RHEL-51618] {CVE-2024-42090}
+- ftruncate: pass a signed offset (CKI Backport Bot) [RHEL-51598] {CVE-2024-42084}
+- af_unix: Fix garbage collector racing against connect() (Felix Maurer) [RHEL-34225] {CVE-2024-26923}
+- virtio-net: Add validation for used length (Laurent Vivier) [RHEL-42080] {CVE-2021-47352}
+- net: fix possible store tearing in neigh_periodic_work() (Antoine Tenart) [RHEL-42359] {CVE-2023-52522}
+- tunnels: fix out of bounds access when building IPv6 PMTU error (Antoine Tenart) [RHEL-41823] {CVE-2024-26665}
+- vt_ioctl: fix array_index_nospec in vt_setactivate (John W. Linville) [RHEL-49141] {CVE-2022-48804}
+- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (CKI Backport Bot) [RHEL-38302] {CVE-2023-52840}
+- netns: Make get_net_ns() handle zero refcount net (Antoine Tenart) [RHEL-48105] {CVE-2024-40958}
+- tracing: Ensure visibility when inserting an element into tracing_map (Michael Petlan) [RHEL-30457] {CVE-2024-26645}
+- KVM: s390: fix LPSWEY handling (CKI Backport Bot) [RHEL-50072]
+- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (CKI Backport Bot) [RHEL-51144] {CVE-2024-41056}
+- SUNRPC: Fix a race to wake a sync task (Benjamin Coddington) [RHEL-11843]
+- firmware: cs_dsp: Fix overflow checking of wmfw header (CKI Backport Bot) [RHEL-50999] {CVE-2024-41039}
+- firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (CKI Backport Bot) [RHEL-50987] {CVE-2024-41038}
+- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (Xin Long) [RHEL-48471] {CVE-2024-40995}
+- net: fix out-of-bounds access in ops_init (Xin Long) [RHEL-43185] {CVE-2024-36883}
+- x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Steve Best) [RHEL-45310]
+- x86/mce/therm_throt: Do not access uninitialized therm_work (Steve Best) [RHEL-45310]
+- x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Steve Best) [RHEL-45310]
+- x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Steve Best) [RHEL-45310]
+- x86/mce/therm_throt: Optimize notifications of thermal throttle (Steve Best) [RHEL-45310]
+- jiffies: add utility function to calculate delta in ms (Steve Best) [RHEL-45310]
+- x86/mce: Lower throttling MCE messages' priority to warning (Steve Best) [RHEL-45310]
+- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (Eder Zulian) [RHEL-37361] {CVE-2024-35989}
+- xfs: don't walk off the end of a directory data block (CKI Backport Bot) [RHEL-50879] {CVE-2024-41013}
+- xfs: add bounds checking to xlog_recover_process_data (CKI Backport Bot) [RHEL-50856] {CVE-2024-41014}
+- dm-crypt: limit the size of encryption requests (Benjamin Marzinski) [RHEL-29330]
+- netfilter: flowtable: remove nf_ct_l4proto_find() call (Florian Westphal) [RHEL-49589]
+
 * Thu Aug 01 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.16.1.el8_10]
 - x86/bhi: Fix incorrect CLEAR_BRANCH_HISTORY position in entry_INT80_compat (Waiman Long) [RHEL-50648]
 
diff --git a/sources b/sources
index b60ea5e1d..ae6fc5826 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-4.18.0-553.16.1.el8_10.tar.xz) = 34da53bd32c3d3b62a01f31db43aa1e736ed70713bfb756458d9c2bb03f644b384c9e840fe1cd23cd5d45882e1d106194b9d0f7050f4e7d1c85a8c850dfd986c
-SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 69ba50bb03d9fefc3015576550e559360e0204e18758c143f3546930e755d8f2e4fa1de61257a8cbf0670a7312d72e38ecc7d28821c51e235ea6be6ec4607a8a
+SHA512 (linux-4.18.0-553.17.1.el8_10.tar.xz) = 3b91f68d9c081e0b3d8c57c1fc8890db5fece2b69a64907adaefb70a24f26a10a3b37065a5626ecff06d77efb73e61266d07d61b09366fc4fb0242785cae30ae
+SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 00eb1195ab440028552b55c9535bd50cb50c72e5adf6af4111ae59beb23f35348ef6e472909569ed1cc370ff1486841d8b28b02c20ead8120081091e3ec091ea
 SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 8a671ed3c9b7f4b25fd4e594b62bc4a26474cb705d3ed22ca376618b3c7962fc72ace1ffd02c9c3a192d9d2c449d38228809542d7f16ebad16f8127020eb2faf