diff --git a/.gitignore b/.gitignore
index 3de81e6cf..348b8fb63 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
-SOURCES/kernel-abi-stablelists-5.14.0-611.27.1.el9_7.tar.bz2
-SOURCES/kernel-kabi-dw-5.14.0-611.27.1.el9_7.tar.bz2
-SOURCES/linux-5.14.0-611.27.1.el9_7.tar.xz
+SOURCES/kernel-abi-stablelists-5.14.0-611.30.1.el9_7.tar.bz2
+SOURCES/kernel-kabi-dw-5.14.0-611.30.1.el9_7.tar.bz2
+SOURCES/linux-5.14.0-611.30.1.el9_7.tar.xz
 SOURCES/nvidiagpuoot001.x509
 SOURCES/olima1.x509
 SOURCES/olimaca1.x509
diff --git a/.kernel.metadata b/.kernel.metadata
index bb4f5a1c7..30f1c985d 100644
--- a/.kernel.metadata
+++ b/.kernel.metadata
@@ -1,6 +1,6 @@
-7f34ef5898e32466a6f434da56eeb0487136f6ac SOURCES/kernel-abi-stablelists-5.14.0-611.27.1.el9_7.tar.bz2
-e5b2834bd258fd71ccd96c1e23e590b5398301d7 SOURCES/kernel-kabi-dw-5.14.0-611.27.1.el9_7.tar.bz2
-d69b7cacfbbc95df583c8018d27f528ef840afe7 SOURCES/linux-5.14.0-611.27.1.el9_7.tar.xz
+40a33215f3219cf1805059712587a479900af57b SOURCES/kernel-abi-stablelists-5.14.0-611.30.1.el9_7.tar.bz2
+b798bb2cabb08f43d60107a82700e71373dd72f5 SOURCES/kernel-kabi-dw-5.14.0-611.30.1.el9_7.tar.bz2
+52afe54cbd876ae20218f10dfa859013446ad881 SOURCES/linux-5.14.0-611.30.1.el9_7.tar.xz
 4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509
 706ae01dd14efa38f0f565a3706acac19c78df02 SOURCES/olima1.x509
 6e3f0d61414c0b50f48dc2d4c3b3cd024e1c3a43 SOURCES/olimaca1.x509
diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver
index cff766fb6..f1119ce4e 100644
--- a/SOURCES/Makefile.rhelver
+++ b/SOURCES/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 7
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 611.27.1
+RHEL_RELEASE = 611.30.1
 
 #
 # ZSTREAM
diff --git a/SOURCES/kernel.changelog b/SOURCES/kernel.changelog
index e45c6204e..71b99a8b0 100644
--- a/SOURCES/kernel.changelog
+++ b/SOURCES/kernel.changelog
@@ -1,3 +1,76 @@
+* Thu Jan 29 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.30.1.el9_7]
+- io_uring/net: commit partial buffers on retry (Jeff Moyer) [RHEL-137329] {CVE-2025-38730}
+- io_uring/kbuf: add io_kbuf_commit() helper (Jeff Moyer) [RHEL-137329]
+- io_uring/kbuf: use 'bl' directly rather than req->buf_list (Jeff Moyer) [RHEL-137329]
+- ice: prevent NULL deref in ice_lag_move_new_vf_nodes() (Michal Schmidt) [RHEL-143296]
+- net: openvswitch: Avoid needlessly taking the RTNL on vport destroy (Adrian Moreno) [RHEL-141404]
+- atm: clip: Fix infinite recursive call of clip_push(). (Guillaume Nault) [RHEL-137601] {CVE-2025-38459}
+- dpll: zl3073x: Remove unused dev wrappers (Ivan Vecera) [RHEL-139699]
+- dpll: zl3073x: Cache all output properties in zl3073x_out (Ivan Vecera) [RHEL-139699]
+- dpll: zl3073x: Cache all reference properties in zl3073x_ref (Ivan Vecera) [RHEL-139699]
+- dpll: zl3073x: Cache reference monitor status (Ivan Vecera) [RHEL-139699]
+- dpll: zl3073x: Split ref, out, and synth logic from core (Ivan Vecera) [RHEL-139699]
+- dpll: zl3073x: Store raw register values instead of parsed state (Ivan Vecera) [RHEL-139699]
+- dpll: fix device-id-get and pin-id-get to return errors properly (Ivan Vecera) [RHEL-139699]
+- dpll: spec: add missing module-name and clock-id to pin-get reply (Ivan Vecera) [RHEL-139699]
+- dpll: zl3073x: Allow to configure phase offset averaging factor (Ivan Vecera) [RHEL-139699]
+- dpll: add phase_offset_avg_factor_get/set callback ops (Ivan Vecera) [RHEL-139699]
+- dpll: add phase-offset-avg-factor device attribute to netlink spec (Ivan Vecera) [RHEL-139699]
+- dpll: fix clock quality level reporting (Ivan Vecera) [RHEL-139699]
+- dpll: add reference sync get/set (Ivan Vecera) [RHEL-139699]
+- dpll: add reference-sync netlink attribute (Ivan Vecera) [RHEL-139699]
+- dpll: remove documentation of rclk_dev_name (Ivan Vecera) [RHEL-139699]
+- net: use dst_dev_rcu() in sk_setup_caps() (Hangbin Liu) [RHEL-129084] {CVE-2025-40170}
+- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (Hangbin Liu) [RHEL-129084]
+- net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (Hangbin Liu) [RHEL-129084]
+- ipv6: use RCU in ip6_xmit() (Hangbin Liu) [RHEL-129018] {CVE-2025-40135}
+- ipv6: use RCU in ip6_output() (Hangbin Liu) [RHEL-128982] {CVE-2025-40158}
+- net: dst: introduce dst->dev_rcu (Hangbin Liu) [RHEL-128982]
+- ipv4: use RCU protection in __ip_rt_update_pmtu() (Hangbin Liu) [RHEL-128982]
+- net: Add locking to protect skb->dev access in ip_output (Hangbin Liu) [RHEL-128982]
+- net: dst: add four helpers to annotate data-races around dst->dev (Hangbin Liu) [RHEL-128982]
+- bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (Hangbin Liu) [RHEL-128982]
+- vrf: Fix lockdep splat in output path (Hangbin Liu) [RHEL-128982]
+- ipv6: remove nexthop_fib6_nh_bh() (Hangbin Liu) [RHEL-128982]
+- net: remove rcu_dereference_bh_rtnl() (Hangbin Liu) [RHEL-128982]
+- neighbour: switch to standard rcu, instead of rcu_bh (Hangbin Liu) [RHEL-128982]
+- ipv6: flowlabel: do not disable BH where not needed (Hangbin Liu) [RHEL-128982]
+- ipv6: remove one read_lock()/read_unlock() pair in rt6_check_neigh() (Hangbin Liu) [RHEL-128982]
+- neigh: introduce neigh_confirm() helper function (Hangbin Liu) [RHEL-128982]
+- net: bonding: update the slave array for broadcast mode (Hangbin Liu) [RHEL-132923]
+- net: bonding: add broadcast_neighbor netlink option (Hangbin Liu) [RHEL-132923]
+- net: bonding: add broadcast_neighbor option for 802.3ad (Hangbin Liu) [RHEL-132923]
+- vsock/vmci: Clear the vmci transport packet properly when initializing it (CKI Backport Bot) [RHEL-137697] {CVE-2025-38403}
+- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (CKI Backport Bot) [RHEL-136909] {CVE-2025-40269}
+- nvme: tcp: Fix compilation warning with W=1 (John Meneghini) [RHEL-129928]
+- nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (John Meneghini) [RHEL-129928]
+Resolves: RHEL-128982, RHEL-129018, RHEL-129084, RHEL-129928, RHEL-132923, RHEL-136909, RHEL-137329, RHEL-137601, RHEL-137697, RHEL-139699, RHEL-141404, RHEL-143296
+
+* Tue Jan 27 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.29.1.el9_7]
+- squashfs: fix memory leak in squashfs_fill_super (Abhi Das) [RHEL-138015] {CVE-2025-38415}
+- Squashfs: check return result of sb_min_blocksize (CKI Backport Bot) [RHEL-138015] {CVE-2025-38415}
+- usb: core: config: Prevent OOB read in SS endpoint companion parsing (CKI Backport Bot) [RHEL-137364] {CVE-2025-39760}
+- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (CKI Backport Bot) [RHEL-137069] {CVE-2025-38024}
+Resolves: RHEL-137069, RHEL-137364, RHEL-138015
+
+* Thu Jan 22 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.28.1.el9_7]
+- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (Luiz Capitulino) [RHEL-133337]
+- s390: mm: add stub for hugetlb_optimize_vmemmap_key (Luiz Capitulino) [RHEL-133337]
+- fs/proc: fix uaf in proc_readdir_de() (CKI Backport Bot) [RHEL-137098] {CVE-2025-40271}
+- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (CKI Backport Bot) [RHEL-136256] {CVE-2025-40318}
+- RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (CKI Backport Bot) [RHEL-134352] {CVE-2025-38022}
+- cifs: Fix deadlock in cifs_writepages during reconnect (Paulo Alcantara) [RHEL-134234]
+- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (CKI Backport Bot) [RHEL-131974] {CVE-2025-37819}
+- net: openvswitch: fix nested key length validation in the set() action (CKI Backport Bot) [RHEL-131801] {CVE-2025-37789}
+- md: avoid repeated calls to del_gendisk (Nigel Croxon) [RHEL-126532]
+- md: delete mddev kobj before deleting gendisk kobj (Nigel Croxon) [RHEL-126532]
+- md: add legacy_async_del_gendisk mode (Nigel Croxon) [RHEL-126532]
+- md: Don't clear MD_CLOSING until mddev is freed (Nigel Croxon) [RHEL-126532]
+- md: fix create on open mddev lifetime regression (Nigel Croxon) [RHEL-126532]
+- md: call del_gendisk in control path (Nigel Croxon) [RHEL-126532]
+- Bluetooth: ISO: Fix possible UAF on iso_conn_free (CKI Backport Bot) [RHEL-128891] {CVE-2025-40141}
+Resolves: RHEL-126532, RHEL-128891, RHEL-131801, RHEL-131974, RHEL-133337, RHEL-134234, RHEL-134352, RHEL-136256, RHEL-137098
+
 * Tue Jan 20 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.27.1.el9_7]
 - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CKI Backport Bot) [RHEL-136822] {CVE-2025-38568}
 - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CKI Backport Bot) [RHEL-134923] {CVE-2025-40251}
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 033296837..b3eed73e9 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 611.27.1
+%define pkgrelease 611.30.1
 %define kversion 5
-%define tarfile_release 5.14.0-611.27.1.el9_7
+%define tarfile_release 5.14.0-611.30.1.el9_7
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 611.27.1%{?buildid}%{?dist}
+%define specrelease 611.30.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-611.27.1.el9_7
+%define kabiversion 5.14.0-611.30.1.el9_7
 
 #
 # End of genspec.sh variables
@@ -3771,7 +3771,7 @@ fi
 #
 #
 %changelog
-* Wed Feb 04 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-611.27.1
+* Wed Feb 11 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-611.30.1
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@@ -3782,11 +3782,81 @@ fi
 - kernel/rh_messages.h: enable all disabled pci devices by moving to
   unmaintained
 
-* Wed Feb 04 2026 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-611.27.1
+* Wed Feb 11 2026 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-611.30.1
 - Use AlmaLinux OS secure boot cert
 - Debrand for AlmaLinux OS
 - Add KVM support for ppc64le
 
+* Thu Jan 29 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.30.1.el9_7]
+- io_uring/net: commit partial buffers on retry (Jeff Moyer) [RHEL-137329] {CVE-2025-38730}
+- io_uring/kbuf: add io_kbuf_commit() helper (Jeff Moyer) [RHEL-137329]
+- io_uring/kbuf: use 'bl' directly rather than req->buf_list (Jeff Moyer) [RHEL-137329]
+- ice: prevent NULL deref in ice_lag_move_new_vf_nodes() (Michal Schmidt) [RHEL-143296]
+- net: openvswitch: Avoid needlessly taking the RTNL on vport destroy (Adrian Moreno) [RHEL-141404]
+- atm: clip: Fix infinite recursive call of clip_push(). (Guillaume Nault) [RHEL-137601] {CVE-2025-38459}
+- dpll: zl3073x: Remove unused dev wrappers (Ivan Vecera) [RHEL-139699]
+- dpll: zl3073x: Cache all output properties in zl3073x_out (Ivan Vecera) [RHEL-139699]
+- dpll: zl3073x: Cache all reference properties in zl3073x_ref (Ivan Vecera) [RHEL-139699]
+- dpll: zl3073x: Cache reference monitor status (Ivan Vecera) [RHEL-139699]
+- dpll: zl3073x: Split ref, out, and synth logic from core (Ivan Vecera) [RHEL-139699]
+- dpll: zl3073x: Store raw register values instead of parsed state (Ivan Vecera) [RHEL-139699]
+- dpll: fix device-id-get and pin-id-get to return errors properly (Ivan Vecera) [RHEL-139699]
+- dpll: spec: add missing module-name and clock-id to pin-get reply (Ivan Vecera) [RHEL-139699]
+- dpll: zl3073x: Allow to configure phase offset averaging factor (Ivan Vecera) [RHEL-139699]
+- dpll: add phase_offset_avg_factor_get/set callback ops (Ivan Vecera) [RHEL-139699]
+- dpll: add phase-offset-avg-factor device attribute to netlink spec (Ivan Vecera) [RHEL-139699]
+- dpll: fix clock quality level reporting (Ivan Vecera) [RHEL-139699]
+- dpll: add reference sync get/set (Ivan Vecera) [RHEL-139699]
+- dpll: add reference-sync netlink attribute (Ivan Vecera) [RHEL-139699]
+- dpll: remove documentation of rclk_dev_name (Ivan Vecera) [RHEL-139699]
+- net: use dst_dev_rcu() in sk_setup_caps() (Hangbin Liu) [RHEL-129084] {CVE-2025-40170}
+- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (Hangbin Liu) [RHEL-129084]
+- net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (Hangbin Liu) [RHEL-129084]
+- ipv6: use RCU in ip6_xmit() (Hangbin Liu) [RHEL-129018] {CVE-2025-40135}
+- ipv6: use RCU in ip6_output() (Hangbin Liu) [RHEL-128982] {CVE-2025-40158}
+- net: dst: introduce dst->dev_rcu (Hangbin Liu) [RHEL-128982]
+- ipv4: use RCU protection in __ip_rt_update_pmtu() (Hangbin Liu) [RHEL-128982]
+- net: Add locking to protect skb->dev access in ip_output (Hangbin Liu) [RHEL-128982]
+- net: dst: add four helpers to annotate data-races around dst->dev (Hangbin Liu) [RHEL-128982]
+- bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (Hangbin Liu) [RHEL-128982]
+- vrf: Fix lockdep splat in output path (Hangbin Liu) [RHEL-128982]
+- ipv6: remove nexthop_fib6_nh_bh() (Hangbin Liu) [RHEL-128982]
+- net: remove rcu_dereference_bh_rtnl() (Hangbin Liu) [RHEL-128982]
+- neighbour: switch to standard rcu, instead of rcu_bh (Hangbin Liu) [RHEL-128982]
+- ipv6: flowlabel: do not disable BH where not needed (Hangbin Liu) [RHEL-128982]
+- ipv6: remove one read_lock()/read_unlock() pair in rt6_check_neigh() (Hangbin Liu) [RHEL-128982]
+- neigh: introduce neigh_confirm() helper function (Hangbin Liu) [RHEL-128982]
+- net: bonding: update the slave array for broadcast mode (Hangbin Liu) [RHEL-132923]
+- net: bonding: add broadcast_neighbor netlink option (Hangbin Liu) [RHEL-132923]
+- net: bonding: add broadcast_neighbor option for 802.3ad (Hangbin Liu) [RHEL-132923]
+- vsock/vmci: Clear the vmci transport packet properly when initializing it (CKI Backport Bot) [RHEL-137697] {CVE-2025-38403}
+- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (CKI Backport Bot) [RHEL-136909] {CVE-2025-40269}
+- nvme: tcp: Fix compilation warning with W=1 (John Meneghini) [RHEL-129928]
+- nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (John Meneghini) [RHEL-129928]
+
+* Tue Jan 27 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.29.1.el9_7]
+- squashfs: fix memory leak in squashfs_fill_super (Abhi Das) [RHEL-138015] {CVE-2025-38415}
+- Squashfs: check return result of sb_min_blocksize (CKI Backport Bot) [RHEL-138015] {CVE-2025-38415}
+- usb: core: config: Prevent OOB read in SS endpoint companion parsing (CKI Backport Bot) [RHEL-137364] {CVE-2025-39760}
+- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (CKI Backport Bot) [RHEL-137069] {CVE-2025-38024}
+
+* Thu Jan 22 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.28.1.el9_7]
+- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (Luiz Capitulino) [RHEL-133337]
+- s390: mm: add stub for hugetlb_optimize_vmemmap_key (Luiz Capitulino) [RHEL-133337]
+- fs/proc: fix uaf in proc_readdir_de() (CKI Backport Bot) [RHEL-137098] {CVE-2025-40271}
+- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (CKI Backport Bot) [RHEL-136256] {CVE-2025-40318}
+- RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (CKI Backport Bot) [RHEL-134352] {CVE-2025-38022}
+- cifs: Fix deadlock in cifs_writepages during reconnect (Paulo Alcantara) [RHEL-134234]
+- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (CKI Backport Bot) [RHEL-131974] {CVE-2025-37819}
+- net: openvswitch: fix nested key length validation in the set() action (CKI Backport Bot) [RHEL-131801] {CVE-2025-37789}
+- md: avoid repeated calls to del_gendisk (Nigel Croxon) [RHEL-126532]
+- md: delete mddev kobj before deleting gendisk kobj (Nigel Croxon) [RHEL-126532]
+- md: add legacy_async_del_gendisk mode (Nigel Croxon) [RHEL-126532]
+- md: Don't clear MD_CLOSING until mddev is freed (Nigel Croxon) [RHEL-126532]
+- md: fix create on open mddev lifetime regression (Nigel Croxon) [RHEL-126532]
+- md: call del_gendisk in control path (Nigel Croxon) [RHEL-126532]
+- Bluetooth: ISO: Fix possible UAF on iso_conn_free (CKI Backport Bot) [RHEL-128891] {CVE-2025-40141}
+
 * Tue Jan 20 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.27.1.el9_7]
 - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CKI Backport Bot) [RHEL-136822] {CVE-2025-38568}
 - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CKI Backport Bot) [RHEL-134923] {CVE-2025-40251}