diff --git a/.gitignore b/.gitignore
index 142f069f8..797664075 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
-SOURCES/kernel-abi-stablelists-5.14.0-503.38.1.el9_5.tar.bz2
-SOURCES/kernel-kabi-dw-5.14.0-503.38.1.el9_5.tar.bz2
-SOURCES/linux-5.14.0-503.38.1.el9_5.tar.xz
+SOURCES/kernel-abi-stablelists-5.14.0-503.40.1.el9_5.tar.bz2
+SOURCES/kernel-kabi-dw-5.14.0-503.40.1.el9_5.tar.bz2
+SOURCES/linux-5.14.0-503.40.1.el9_5.tar.xz
 SOURCES/nvidiagpuoot001.x509
 SOURCES/olima1.x509
 SOURCES/olimaca1.x509
diff --git a/.kernel.metadata b/.kernel.metadata
index eab4e315c..751599475 100644
--- a/.kernel.metadata
+++ b/.kernel.metadata
@@ -1,6 +1,6 @@
-0b4db8bd47ff2129b6fe7dea4cc71838939c5831 SOURCES/kernel-abi-stablelists-5.14.0-503.38.1.el9_5.tar.bz2
-4f15f8c73195f7efaca3354972d57accfac03d85 SOURCES/kernel-kabi-dw-5.14.0-503.38.1.el9_5.tar.bz2
-84058cac8e5b933bd4c8bd1a1e33fec5a43e9154 SOURCES/linux-5.14.0-503.38.1.el9_5.tar.xz
+7c1b2d2a4cd993fd0278c7ca02a43321a1808318 SOURCES/kernel-abi-stablelists-5.14.0-503.40.1.el9_5.tar.bz2
+00292847cf35705bd5ca44f3ace342c5f23b64f3 SOURCES/kernel-kabi-dw-5.14.0-503.40.1.el9_5.tar.bz2
+a935f3997906f55c87d48b08b3651f68e259a340 SOURCES/linux-5.14.0-503.40.1.el9_5.tar.xz
 4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509
 706ae01dd14efa38f0f565a3706acac19c78df02 SOURCES/olima1.x509
 6e3f0d61414c0b50f48dc2d4c3b3cd024e1c3a43 SOURCES/olimaca1.x509
diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver
index cb7ff5ce0..01794d4e4 100644
--- a/SOURCES/Makefile.rhelver
+++ b/SOURCES/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 5
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 503.38.1
+RHEL_RELEASE = 503.40.1
 
 #
 # ZSTREAM
diff --git a/SOURCES/kernel.changelog b/SOURCES/kernel.changelog
index 821708ee4..13f647877 100644
--- a/SOURCES/kernel.changelog
+++ b/SOURCES/kernel.changelog
@@ -1,3 +1,33 @@
+* Wed Apr 23 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-503.40.1.el9_5]
+- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (Chris Leech) [RHEL-87479] {CVE-2025-21927}
+- ipvs: properly dereference pe in ip_vs_add_service (Phil Sutter) [RHEL-75438] {CVE-2024-42322}
+- bonding: fix null pointer deref in bond_ipsec_offload_ok (CKI Backport Bot) [RHEL-75453] {CVE-2024-44990}
+- smb: client: don't retry IO on failed negprotos with soft mounts (Jay Shin) [RHEL-85523]
+- bonding: Correctly support GSO ESP offload (CKI Backport Bot) [RHEL-73403]
+- team: prevent adding a device which is already a team device lower (Hangbin Liu) [RHEL-73403]
+- team: Fix feature exposure when no ports are present (Hangbin Liu) [RHEL-73403]
+- team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73403]
+- team: Fix initial vlan_feature set in __team_compute_features (Hangbin Liu) [RHEL-73403]
+- bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73403]
+- bonding: Fix initial {vlan,mpls}_feature set in bond_compute_features (Hangbin Liu) [RHEL-73403]
+- net, team, bonding: Add netdev_base_features helper (Hangbin Liu) [RHEL-73403]
+- bonding: add ESP offload features when slaves support (Hangbin Liu) [RHEL-73403]
+- net: team: rename team to team_core for linking (Hangbin Liu) [RHEL-73403]
+- netfilter: br_netfilter: fix panic with metadata_dst skb (Ivan Vecera) [RHEL-71956]
+- bridge: mcast: Fail MDB get request on empty entry (Ivan Vecera) [RHEL-71956]
+- net: stmmac: dwmac-tegra: Fix link bring-up sequence (Jose Ignacio Tornos Martinez) [RHEL-73478]
+- kobject_uevent: Fix OOB access within zap_modalias_env() (CKI KWF BOT) [RHEL-75435] {CVE-2024-42292}
+Resolves: RHEL-71956, RHEL-73403, RHEL-73478, RHEL-75435, RHEL-75438, RHEL-75453, RHEL-85523, RHEL-87479
+
+* Mon Apr 14 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-503.39.1.el9_5]
+- igb: cope with large MAX_SKB_FRAGS (Corinna Vinschen) [RHEL-75552]
+- x86/sev: Ensure that RMP table fixups are reserved (Bandan Das) [RHEL-84716]
+- ELF: fix kernel.randomize_va_space double read (Rafael Aquini) [RHEL-75456] {CVE-2024-46826}
+- smb: client: fix double put of @cfile in smb2_set_path_size() (Paulo Alcantara) [RHEL-79342] {CVE-2024-46796}
+- smb: client: fix double put of @cfile in smb2_rename_path() (Paulo Alcantara) [RHEL-79342] {CVE-2024-46736}
+- smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp (Paulo Alcantara) [RHEL-79342]
+Resolves: RHEL-75456, RHEL-75552, RHEL-79342, RHEL-84716
+
 * Mon Apr 14 2025 Chao YE <cye@redhat.com> [5.14.0-503.38.1.el9_5]
 - ALSA: usb-audio: Fix out of bounds reads when finding clock sources (CKI Backport Bot) [RHEL-86726] {CVE-2024-53150}
 Resolves: RHEL-86726
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index b1056440f..6212f336b 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 503.38.1
+%define pkgrelease 503.40.1
 %define kversion 5
-%define tarfile_release 5.14.0-503.38.1.el9_5
+%define tarfile_release 5.14.0-503.40.1.el9_5
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 503.38.1%{?buildid}%{?dist}
+%define specrelease 503.40.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-503.38.1.el9_5
+%define kabiversion 5.14.0-503.40.1.el9_5
 
 #
 # End of genspec.sh variables
@@ -3795,7 +3795,7 @@ fi
 #
 #
 %changelog
-* Fri Apr 18 2025 Andrei Lukoshko <alukoshko@almalinux.org> - 5.14.0-503.38.1
+* Mon May 05 2025 Andrei Lukoshko <alukoshko@almalinux.org> - 5.14.0-503.40.1
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@@ -3806,10 +3806,38 @@ fi
 - kernel/rh_messages.h: enable all disabled pci devices by moving to
   unmaintained
 
-* Fri Apr 18 2025 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-503.38.1
+* Mon May 05 2025 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-503.40.1
 - Use AlmaLinux OS secure boot cert
 - Debrand for AlmaLinux OS
 
+* Wed Apr 23 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-503.40.1.el9_5]
+- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (Chris Leech) [RHEL-87479] {CVE-2025-21927}
+- ipvs: properly dereference pe in ip_vs_add_service (Phil Sutter) [RHEL-75438] {CVE-2024-42322}
+- bonding: fix null pointer deref in bond_ipsec_offload_ok (CKI Backport Bot) [RHEL-75453] {CVE-2024-44990}
+- smb: client: don't retry IO on failed negprotos with soft mounts (Jay Shin) [RHEL-85523]
+- bonding: Correctly support GSO ESP offload (CKI Backport Bot) [RHEL-73403]
+- team: prevent adding a device which is already a team device lower (Hangbin Liu) [RHEL-73403]
+- team: Fix feature exposure when no ports are present (Hangbin Liu) [RHEL-73403]
+- team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73403]
+- team: Fix initial vlan_feature set in __team_compute_features (Hangbin Liu) [RHEL-73403]
+- bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73403]
+- bonding: Fix initial {vlan,mpls}_feature set in bond_compute_features (Hangbin Liu) [RHEL-73403]
+- net, team, bonding: Add netdev_base_features helper (Hangbin Liu) [RHEL-73403]
+- bonding: add ESP offload features when slaves support (Hangbin Liu) [RHEL-73403]
+- net: team: rename team to team_core for linking (Hangbin Liu) [RHEL-73403]
+- netfilter: br_netfilter: fix panic with metadata_dst skb (Ivan Vecera) [RHEL-71956]
+- bridge: mcast: Fail MDB get request on empty entry (Ivan Vecera) [RHEL-71956]
+- net: stmmac: dwmac-tegra: Fix link bring-up sequence (Jose Ignacio Tornos Martinez) [RHEL-73478]
+- kobject_uevent: Fix OOB access within zap_modalias_env() (CKI KWF BOT) [RHEL-75435] {CVE-2024-42292}
+
+* Mon Apr 14 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-503.39.1.el9_5]
+- igb: cope with large MAX_SKB_FRAGS (Corinna Vinschen) [RHEL-75552]
+- x86/sev: Ensure that RMP table fixups are reserved (Bandan Das) [RHEL-84716]
+- ELF: fix kernel.randomize_va_space double read (Rafael Aquini) [RHEL-75456] {CVE-2024-46826}
+- smb: client: fix double put of @cfile in smb2_set_path_size() (Paulo Alcantara) [RHEL-79342] {CVE-2024-46796}
+- smb: client: fix double put of @cfile in smb2_rename_path() (Paulo Alcantara) [RHEL-79342] {CVE-2024-46736}
+- smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp (Paulo Alcantara) [RHEL-79342]
+
 * Mon Apr 14 2025 Chao YE <cye@redhat.com> [5.14.0-503.38.1.el9_5]
 - ALSA: usb-audio: Fix out of bounds reads when finding clock sources (CKI Backport Bot) [RHEL-86726] {CVE-2024-53150}