diff --git a/.gitignore b/.gitignore
index 949eb88df..0568cc67f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer
 SOURCES/centossecurebootca2.cer
 SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
 SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
-SOURCES/linux-4.18.0-553.121.1.el8_10.tar.xz
+SOURCES/linux-4.18.0-553.123.1.el8_10.tar.xz
 SOURCES/redhatsecureboot302.cer
 SOURCES/redhatsecureboot303.cer
 SOURCES/redhatsecureboot501.cer
diff --git a/.kernel.metadata b/.kernel.metadata
index ee1442cf5..fef3ba560 100644
--- a/.kernel.metadata
+++ b/.kernel.metadata
@@ -1,8 +1,8 @@
 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
 bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
-a08cceeed86752cd9fcf5ae3c393706b01aebb0d SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
-51af9f65ba46f3af01601440512581d8a1ae7c3f SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
-5e9a517613ef33401919cd0d1998c524299f2725 SOURCES/linux-4.18.0-553.121.1.el8_10.tar.xz
+16beeec466f9755c7ff70f7393c88320af46e2ed SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
+2318474e4033305aa0461e29d5962ca0a5dc24cb SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
+5a7ddf54de0b2233bda2448815fd1bbc324db233 SOURCES/linux-4.18.0-553.123.1.el8_10.tar.xz
 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
 e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
 ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index f66762d76..12f81cbcc 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.121.1.el8_10
+%define pkgrelease 553.123.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.121.1%{?dist}
+%define specrelease 553.123.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2707,6 +2707,25 @@ fi
 #
 #
 %changelog
+* Mon May 04 2026 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.123.1.el8_10]
+- crypto: algif_aead - snapshot IV for async AEAD requests (Herbert Xu) [RHEL-172187]
+- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [RHEL-172187]
+- crypto: authencesn - reject short ahash digests during instance creation (Herbert Xu) [RHEL-172187]
+- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [RHEL-172187]
+- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [RHEL-172187] {CVE-2026-31431}
+- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (Herbert Xu) [RHEL-172187] {CVE-2026-23060}
+- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [RHEL-172187]
+- crypto: af_alg - limit RX SG extraction by receive buffer budget (Herbert Xu) [RHEL-172187] {CVE-2026-31677}
+- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [RHEL-172187] {CVE-2026-31431}
+- crypto: af-alg - fix NULL pointer dereference in scatterwalk (Herbert Xu) [RHEL-172187]
+- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (Paolo Bonzini) [RHEL-153727] {CVE-2026-23401}
+
+* Fri Apr 24 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.122.1.el8_10]
+- nvme: avoid double free special payload (Maurizio Lombardi) [RHEL-51303] {CVE-2024-41073}
+- crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CKI Backport Bot) [RHEL-166921] {CVE-2025-68724}
+- net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (Jay Shin) [RHEL-166155] {CVE-2025-40252}
+- kernel.h: Move ARRAY_SIZE() to a separate header (Jay Shin) [RHEL-166155] {CVE-2025-40252}
+
 * Wed Apr 15 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.121.1.el8_10]
 - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Scott Mayhew) [RHEL-167011] {CVE-2026-31402}