diff --git a/kernel.spec b/kernel.spec
index af21b9766..e659998c4 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.10.1.el8_10
+%define pkgrelease 553.11.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.10.1%{?dist}
+%define specrelease 553.11.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2696,6 +2696,101 @@ fi
 #
 #
 %changelog
+* Wed Jul 03 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.11.1.el8_10]
+- x86/bugs: Reverse instruction order of CLEAR_CPU_BUFFERS (Waiman Long) [RHEL-42121]
+- Revert "x86/bugs: Use fixed addressing for VERW operand" (Waiman Long) [RHEL-42121]
+- KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests (Waiman Long) [RHEL-42121]
+- x86/rfds: Mitigate Register File Data Sampling (RFDS) (Waiman Long) [RHEL-42121]
+- Documentation/hw-vuln: Add documentation for RFDS (Waiman Long) [RHEL-42121]
+- x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (Waiman Long) [RHEL-42121]
+- x86/bugs: Use fixed addressing for VERW operand (Waiman Long) [RHEL-42121]
+- KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (Waiman Long) [RHEL-42121]
+- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (Waiman Long) [RHEL-42121]
+- x86/entry_32: Add VERW just before userspace transition (Waiman Long) [RHEL-42121]
+- x86/entry_64: Add VERW just before userspace transition (Waiman Long) [RHEL-42121]
+- x86/bugs: Add asm helpers for executing VERW (Waiman Long) [RHEL-42121]
+- x86/cpu: Fix Gracemont uarch (Waiman Long) [RHEL-42121]
+- Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-42121]
+- KVM: VMX: Access @flags as a 32-bit value in __vmx_vcpu_run() (Waiman Long) [RHEL-42121]
+- x86/asm: Add _ASM_RIP() macro for x86-64 (%%rip) suffix (Waiman Long) [RHEL-42121]
+- x86/asm: Have the __ASM_FORM macros handle commas in arguments (Waiman Long) [RHEL-42121]
+- x86/asm: Allow to pass macros to __ASM_FORM() (Waiman Long) [RHEL-42121]
+- wifi: iwlwifi: mvm: guard against invalid STA ID on removal (Jose Ignacio Tornos Martinez) [RHEL-39801] {CVE-2024-36921}
+- ipv6: Fix potential uninit-value access in __ip6_make_skb() (Antoine Tenart) [RHEL-39784]
+- ipv4: Fix uninit-value access in __ip_make_skb() (Antoine Tenart) [RHEL-39784] {CVE-2024-36927}
+- perf mmap: Lazily initialize zstd streams to save memory when not using it (Michael Petlan) [RHEL-34876]
+- perf tools: Fix spelling mistake "commpressor" -> "compressor" (Michael Petlan) [RHEL-34876]
+- perf record: Introduce data transferred and compressed stats (Michael Petlan) [RHEL-34876]
+- perf record: Introduce compressor at mmap buffer object (Michael Petlan) [RHEL-34876]
+- perf record: Introduce bytes written stats (Michael Petlan) [RHEL-34876]
+- perf record: Introduce data file at mmap buffer object (Michael Petlan) [RHEL-34876]
+- perf record: Start threads in the beginning of trace streaming (Alexey Bayduraev) [RHEL-34876]
+- perf record: Stop threads in the end of trace streaming (Michael Petlan) [RHEL-34876]
+- perf record: Introduce thread local variable (Michael Petlan) [RHEL-34876]
+- perf record: Introduce function to propagate control commands (Michael Petlan) [RHEL-34876]
+- perf record: Introduce thread specific data array (Michael Petlan) [RHEL-34876]
+- tools lib: Introduce fdarray duplicate function (Michael Petlan) [RHEL-34876]
+- perf record: Introduce thread affinity and mmap masks (Michael Petlan) [RHEL-34876]
+- gfs2: Be more careful with the quota sync generation (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: Get rid of some unnecessary quota locking (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: Add some missing quota locking (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: Fold qd_fish into gfs2_quota_sync (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: quota need_sync cleanup (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: Fix and clean up function do_qc (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: Revert "Add quota_change type" (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: Revert "ignore negated quota changes" (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: qd_check_sync cleanups (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: Check quota consistency on mount (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: Minor gfs2_quota_init error path cleanup (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: fix kernel BUG in gfs2_quota_cleanup (Edward Adam Davis) [RHEL-40901]
+- gfs2: Clean up quota.c:print_message (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: Clean up gfs2_alloc_parms initializers (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: Two quota=account mode fixes (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: Remove useless assignment (Bob Peterson) [RHEL-40901]
+- gfs2: simplify slot_get (Bob Peterson) [RHEL-40901]
+- gfs2: Simplify qd2offset (Bob Peterson) [RHEL-40901]
+- gfs2: Remove quota allocation info from quota file (Bob Peterson) [RHEL-40901]
+- gfs2: use constant for array size (Bob Peterson) [RHEL-40901]
+- gfs2: Set qd_sync_gen in do_sync (Bob Peterson) [RHEL-40901]
+- gfs2: Remove useless err set (Bob Peterson) [RHEL-40901]
+- gfs2: Small gfs2_quota_lock cleanup (Bob Peterson) [RHEL-40901]
+- gfs2: move qdsb_put and reduce redundancy (Bob Peterson) [RHEL-40901]
+- gfs2: Don't try to sync non-changes (Bob Peterson) [RHEL-40901]
+- gfs2: Simplify function need_sync (Bob Peterson) [RHEL-40901]
+- gfs2: remove unneeded pg_oflow variable (Bob Peterson) [RHEL-40901]
+- gfs2: remove unneeded variable done (Bob Peterson) [RHEL-40901]
+- gfs2: pass sdp to gfs2_write_buf_to_page (Bob Peterson) [RHEL-40901]
+- gfs2: pass sdp in to gfs2_write_disk_quota (Bob Peterson) [RHEL-40901]
+- gfs2: Pass sdp to gfs2_adjust_quota (Bob Peterson) [RHEL-40901]
+- gfs2: remove dead code for quota writes (Bob Peterson) [RHEL-40901]
+- gfs2: Use qd_sbd more consequently (Bob Peterson) [RHEL-40901]
+- gfs2: replace 'found' with dedicated list iterator variable (Jakob Koschel) [RHEL-40901]
+- gfs2: Some whitespace cleanups (Andreas Gruenbacher) [RHEL-40901]
+- gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold (Bob Peterson) [RHEL-40901]
+- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Guillaume Nault) [RHEL-43961] {CVE-2024-38596}
+- af_unix: Fix data-races around sk->sk_shutdown. (Guillaume Nault) [RHEL-43961] {CVE-2024-38596}
+- af_unix: Fix data races around sk->sk_shutdown. (Guillaume Nault) [RHEL-43961] {CVE-2024-38596}
+- perf/core: Fix event sibling list locking (Daniel Vacek) [RHEL-31798]
+- media: bttv: fix use after free error due to btv->timeout timer (Kate Hsuan) [RHEL-38256] {CVE-2023-52847}
+- arp: Prevent overflow in arp_req_get(). (Antoine Tenart) [RHEL-31706] {CVE-2024-26733}
+- Bluetooth: btusb: Add a new PID/VID 0489/e0c8 for MT7921 (David Marlin) [RHEL-10263]
+- mm: swap: fix race between free_swap_and_cache() and swapoff() (Waiman Long) [RHEL-34971] {CVE-2024-26960}
+- swap: comments get_swap_device() with usage rule (Waiman Long) [RHEL-34971] {CVE-2024-26960}
+- mm/swapfile.c: __swap_entry_free() always free 1 entry (Waiman Long) [RHEL-34971] {CVE-2024-26960}
+- mm/swapfile.c: call free_swap_slot() in __swap_entry_free() (Waiman Long) [RHEL-34971] {CVE-2024-26960}
+- mm/swapfile.c: use __try_to_reclaim_swap() in free_swap_and_cache() (Waiman Long) [RHEL-34971] {CVE-2024-26960}
+- net: amd-xgbe: Fix skb data length underflow (Ken Cox) [RHEL-43788] {CVE-2022-48743}
+- ovl: fix warning in ovl_create_real() (cki-backport-bot) [RHEL-43652] {CVE-2021-47579}
+- net/sched: initialize noop_qdisc owner (Davide Caratti) [RHEL-35056]
+- net/sched: Fix mirred deadlock on device recursion (Davide Caratti) [RHEL-35056] {CVE-2024-27010}
+- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Pavel Reichl) [RHEL-45029] {CVE-2024-39276}
+- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Ken Cox) [RHEL-38713] {CVE-2021-47548}
+- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Hangbin Liu) [RHEL-44396] {CVE-2024-33621}
+- mlxsw: spectrum_acl_tcam: Fix stack corruption (Ivan Vecera) [RHEL-26462] {CVE-2024-26586}
+- inet: inet_defrag: prevent sk release while still in use (Antoine Tenart) [RHEL-33398] {CVE-2024-26921}
+- skb_expand_head() adjust skb->truesize incorrectly (Antoine Tenart) [RHEL-33398]
+- nvmet: fix ns enable/disable possible hang (Ming Lei) [RHEL-43547]
+
 * Fri Jun 28 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.10.1.el8_10]
 - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (Scott Mayhew) [RHEL-38264] {CVE-2023-52803}
 - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Ewan D. Milne) [RHEL-39717] {CVE-2024-36025}
diff --git a/sources b/sources
index d6bafac0b..5861e7991 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-4.18.0-553.10.1.el8_10.tar.xz) = 6b12c5cb6e7ea2147023892e847c092b39800f15468b118641d34aed38b9e65284091d9938e5be37f25d71e1263026700970ceda06ebb10a48f4bfb1af4d0e6f
-SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 864378ecd12e02c035b33241415b81584fcec9f692c5ca4ce5a07ad26b48c7225bd36d5585426113b9e11170722fcb3422a61240c204f423ff64235bfa9e9ac6
+SHA512 (linux-4.18.0-553.11.1.el8_10.tar.xz) = 30bb98192c1cd91d5a52b6255893b09c8d44abfe0970fcdf79ac6192aaad0b36db9bbac6be30075fcf04074a17bcd15165ab15c988892cceb563784808634851
+SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 0044a0cf192c8257a4724fe17a26f5e61c8fae8e4ef63bbfebb2e02b28db91e3c45f2332d4068226e09ba9cb75e47d5b9eb48e2628533f7f248adc7493bce1e4
 SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 8a671ed3c9b7f4b25fd4e594b62bc4a26474cb705d3ed22ca376618b3c7962fc72ace1ffd02c9c3a192d9d2c449d38228809542d7f16ebad16f8127020eb2faf