diff --git a/kernel.spec b/kernel.spec
index 138be5b89..12f81cbcc 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.122.1.el8_10
+%define pkgrelease 553.123.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.122.1%{?dist}
+%define specrelease 553.123.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2707,6 +2707,19 @@ fi
 #
 #
 %changelog
+* Mon May 04 2026 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.123.1.el8_10]
+- crypto: algif_aead - snapshot IV for async AEAD requests (Herbert Xu) [RHEL-172187]
+- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [RHEL-172187]
+- crypto: authencesn - reject short ahash digests during instance creation (Herbert Xu) [RHEL-172187]
+- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [RHEL-172187]
+- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [RHEL-172187] {CVE-2026-31431}
+- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (Herbert Xu) [RHEL-172187] {CVE-2026-23060}
+- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [RHEL-172187]
+- crypto: af_alg - limit RX SG extraction by receive buffer budget (Herbert Xu) [RHEL-172187] {CVE-2026-31677}
+- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [RHEL-172187] {CVE-2026-31431}
+- crypto: af-alg - fix NULL pointer dereference in scatterwalk (Herbert Xu) [RHEL-172187]
+- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (Paolo Bonzini) [RHEL-153727] {CVE-2026-23401}
+
 * Fri Apr 24 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.122.1.el8_10]
 - nvme: avoid double free special payload (Maurizio Lombardi) [RHEL-51303] {CVE-2024-41073}
 - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CKI Backport Bot) [RHEL-166921] {CVE-2025-68724}
diff --git a/sources b/sources
index e965aacf1..7ad7bffea 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-4.18.0-553.122.1.el8_10.tar.xz) = f3915e6283d4e971cba5d6309c4b9e9f8f0689e069f24e97cd82c1b5a4a9a6522ce4c843fd363d2e7584102433b99053c6d8cea3c4e9f4ccecb178bb96b791ec
-SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 1fe63df881c093e7e4c27f9a7911337fff42ec53bc9e4292906b368b4a43789c59cbbe6b2084554ac09b2f3aee7069f3362f30a74be3468b0436ec997727d8ce
-SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 8fb8a4d604e586fa3e918b92dc338459e86bedd46c00cd7716fc645d39451e035b3d027c84bea0428591433113ae18a38cac865742a6c3c4507465170427105a
+SHA512 (linux-4.18.0-553.123.1.el8_10.tar.xz) = 1f51acfa8ac4af2f329474f27f93d05ff61a54081b703baa805f00058930a193d4285206ca491a3d6b66cb4fb92db6378f39610d0d79e2e92028213cf125df57
+SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 125322c8ec8eb8f96bd76231692afa5ab2ca1932709585dd312c5e74fa70b2828ff57db0479095628e5b67c9e4c4b7d8cb0d6469a098c8cbd2ca9630d4b784a6
+SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 79a9788af0c183f670166700354b6a188c176427a6230b8bfaa2cfdc6a4daa1418bbee98d80b7f6b3195043eeef1ffa6782d03b5a1733b65a90c22f66684941f