diff --git a/Makefile.rhelver b/Makefile.rhelver
index b378f2433..5523ea889 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 8
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 661
+RHEL_RELEASE = 662
 
 #
 # ZSTREAM
diff --git a/kernel.changelog b/kernel.changelog
index fd1842cac..87f93c196 100644
--- a/kernel.changelog
+++ b/kernel.changelog
@@ -1,3 +1,118 @@
+* Sat Jan 17 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-662.el9]
+- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (CKI Backport Bot) [RHEL-139463] {CVE-2025-68305}
+- Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6 (Guillaume Nault) [RHEL-138491]
+- net: ethtool: update set_rxfh_indir to use ethtool_get_rx_ring_count helper (Ivan Vecera) [RHEL-132646]
+- net: ethtool: update set_rxfh to use ethtool_get_rx_ring_count helper (Ivan Vecera) [RHEL-132646]
+- net: ethtool: add get_rx_ring_count callback to optimize RX ring queries (Ivan Vecera) [RHEL-132646]
+- net: ethtool: remove the duplicated handling from ethtool_get_rxrings (Ivan Vecera) [RHEL-132646]
+- net: ethtool: add support for ETHTOOL_GRXRINGS ioctl (Ivan Vecera) [RHEL-132646]
+- net: ethtool: pass the num of RX rings directly to ethtool_copy_validate_indir (Ivan Vecera) [RHEL-132646]
+- net: openvswitch: Avoid needlessly taking the RTNL on vport destroy (Adrian Moreno) [RHEL-137482]
+- powercap: intel_rapl: Add support for Wildcat Lake platform (CKI Backport Bot) [RHEL-95625]
+- Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (CKI Backport Bot) [RHEL-136967] {CVE-2025-40294}
+- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CKI Backport Bot) [RHEL-136823] {CVE-2025-38568}
+- net/handshake: Fix memory leak in tls_handshake_accept() (Olga Kornievskaia) [RHEL-134735]
+- NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() (Olga Kornievskaia) [RHEL-134735]
+- NFS: sysfs: fix leak when nfs_client kobject add fails (Olga Kornievskaia) [RHEL-134735]
+- pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS (Olga Kornievskaia) [RHEL-134735]
+- pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() (Olga Kornievskaia) [RHEL-134735]
+- NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (Olga Kornievskaia) [RHEL-134735]
+- NFSD: Skip close replay processing if XDR encoding fails (Olga Kornievskaia) [RHEL-134735]
+- NFSD: Encode COMPOUND operation status on page boundaries (Olga Kornievskaia) [RHEL-134735]
+- NFSD: free copynotify stateid in nfs4_free_ol_stateid() (Olga Kornievskaia) [RHEL-134735]
+- NFSD: Fix crash in nfsd4_read_release() (Olga Kornievskaia) [RHEL-134735]
+- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Olga Kornievskaia) [RHEL-134735]
+- NFSv4.1: fix backchannel max_resp_sz verification check (Olga Kornievskaia) [RHEL-134735]
+- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (Olga Kornievskaia) [RHEL-134735]
+- sunrpc: fix null pointer dereference on zero-length checksum (Olga Kornievskaia) [RHEL-134735]
+- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (CKI Backport Bot) [RHEL-136257] {CVE-2025-40318}
+- net: vlan: sync VLAN features with lower device (CKI Backport Bot) [RHEL-80409]
+- mptcp: fix race condition in mptcp_schedule_work() (CKI Backport Bot) [RHEL-134449] {CVE-2025-40258}
+- sctp: avoid NULL dereference when chunk data buffer is missing (CKI Backport Bot) [RHEL-134005] {CVE-2025-40240}
+- inetpeer: do not get a refcount in inet_getpeer() (Guillaume Nault) [RHEL-116117]
+- inetpeer: update inetpeer timestamp in inet_getpeer() (Guillaume Nault) [RHEL-116117]
+- inetpeer: remove create argument of inet_getpeer() (Guillaume Nault) [RHEL-116117]
+- inetpeer: remove create argument of inet_getpeer_v[46]() (Guillaume Nault) [RHEL-116117]
+- ipv4/route: avoid unused-but-set-variable warning (Guillaume Nault) [RHEL-116117]
+- net: vxlan: prevent NULL deref in vxlan_xmit_one (Antoine Tenart) [RHEL-133365]
+- openvswitch: Stricter validation for the userspace action (Paolo Valerio) [RHEL-115648]
+- openvswitch: Fix unsafe attribute parsing in output_userspace() (Paolo Valerio) [RHEL-115648]
+- net: openvswitch: fix nested key length validation in the set() action (Paolo Valerio) [RHEL-115648]
+- openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (Paolo Valerio) [RHEL-115648]
+- openvswitch: fix lockup on tx to unregistering netdev with carrier (Paolo Valerio) [RHEL-115648]
+- ethtool: Don't check for RXFH fields conflict when no input_xfrm is requested (Ivan Vecera) [RHEL-127561]
+- net: ethtool: don't mux RXFH via rxnfc callbacks (Ivan Vecera) [RHEL-127561]
+- eth: hns3: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: hinic: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: nfp: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: mlx5: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: qede: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: benet: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: sfc: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: sfc: siena: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: sfc: falcon: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: sxgbe: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: dpaa2: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: dpaa: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: niu: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: otx2: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: thunder: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: ena: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: bnxt: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: bnx2x: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: iavf: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: ice: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: i40e: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: fm10k: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: ixgbe: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: igc: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: igb: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: e1000e: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: lan743x: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: cxgb4: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: cisco: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: gianfar: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- net: drv: hyperv: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- net: drv: virtio: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- net: drv: vmxnet3: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: remove empty RXFH handling from drivers (Ivan Vecera) [RHEL-127561]
+- net: ethtool: add dedicated callbacks for getting and setting rxfh fields (Ivan Vecera) [RHEL-127561]
+- net: ethtool: require drivers to opt into the per-RSS ctx RXFH (Ivan Vecera) [RHEL-127561]
+- net: ethtool: remove the duplicated handling from rxfh and rxnfc (Ivan Vecera) [RHEL-127561]
+- net: ethtool: copy the rxfh flow handling (Ivan Vecera) [RHEL-127561]
+- net: ethtool: mm: reset verification status when link is down (Ivan Vecera) [RHEL-127569]
+- net: ethtool: mm: extract stmmac verification logic into common library (Ivan Vecera) [RHEL-127569]
+- net: use dst_dev_rcu() in sk_setup_caps() (Hangbin Liu) [RHEL-129085] {CVE-2025-40170}
+- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (Hangbin Liu) [RHEL-129085]
+- net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (Hangbin Liu) [RHEL-129085]
+- ipv6: use RCU in ip6_xmit() (Hangbin Liu) [RHEL-129022] {CVE-2025-40135}
+- ipv6: use RCU in ip6_output() (Hangbin Liu) [RHEL-128985] {CVE-2025-40158}
+- net: dst: introduce dst->dev_rcu (Hangbin Liu) [RHEL-128985]
+- ipv4: use RCU protection in __ip_rt_update_pmtu() (Hangbin Liu) [RHEL-128985]
+- net: Add locking to protect skb->dev access in ip_output (Hangbin Liu) [RHEL-128985]
+- net: dst: add four helpers to annotate data-races around dst->dev (Hangbin Liu) [RHEL-128985]
+- bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (Hangbin Liu) [RHEL-128985]
+- vrf: Fix lockdep splat in output path (Hangbin Liu) [RHEL-128985]
+- ipv6: remove nexthop_fib6_nh_bh() (Hangbin Liu) [RHEL-128985]
+- net: remove rcu_dereference_bh_rtnl() (Hangbin Liu) [RHEL-128985]
+- neighbour: switch to standard rcu, instead of rcu_bh (Hangbin Liu) [RHEL-128985]
+- ipv6: flowlabel: do not disable BH where not needed (Hangbin Liu) [RHEL-128985]
+- ipv6: remove one read_lock()/read_unlock() pair in rt6_check_neigh() (Hangbin Liu) [RHEL-128985]
+- neigh: introduce neigh_confirm() helper function (Hangbin Liu) [RHEL-128985]
+- net: Prevent use after free in netif_napi_set_irq_locked() (Petr Oros) [RHEL-83023]
+- net: move aRFS rmap management and CPU affinity to core (Petr Oros) [RHEL-83023]
+- xfrm: Check inner packet family directly from skb_dst (Hangbin Liu) [RHEL-95005]
+- xfrm: fix offloading of cross-family tunnels (Hangbin Liu) [RHEL-95005]
+- udp: also consider secpath when evaluating ipsec use for checksumming (Hangbin Liu) [RHEL-95005]
+- xfrm: restore GSO for SW crypto (Hangbin Liu) [RHEL-95005]
+- xfrm: always initialize offload path (Hangbin Liu) [RHEL-95005]
+- xfrm: check for PMTU in tunnel mode for packet offload (Hangbin Liu) [RHEL-95005]
+- xfrm: provide common xdo_dev_offload_ok callback implementation (Hangbin Liu) [RHEL-95005]
+- xfrm: rely on XFRM offload (Hangbin Liu) [RHEL-95005]
+- xfrm: simplify SA initialization routine (Hangbin Liu) [RHEL-95005]
+- xfrm: delay initialization of offload path till its actually requested (Hangbin Liu) [RHEL-95005]
+Resolves: RHEL-115648, RHEL-116117, RHEL-127561, RHEL-127569, RHEL-128985, RHEL-129022, RHEL-129085, RHEL-132646, RHEL-133365, RHEL-134005, RHEL-134449, RHEL-134735, RHEL-136257, RHEL-136823, RHEL-136967, RHEL-137482, RHEL-138491, RHEL-139463, RHEL-80409, RHEL-83023, RHEL-95005, RHEL-95625
+
 * Fri Jan 16 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-661.el9]
 - iavf: avoid deadlock by cancelling work without netdev lock in remove path (Mohammad Heib) [RHEL-130117]
 - tools/power turbostat: Validate APERF access for VMWARE (David Arcari) [RHEL-127044]
diff --git a/kernel.spec b/kernel.spec
index d8af031ba..7ec1ba724 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -176,15 +176,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 661
+%define pkgrelease 662
 %define kversion 5
-%define tarfile_release 5.14.0-661.el9
+%define tarfile_release 5.14.0-662.el9
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 661%{?buildid}%{?dist}
+%define specrelease 662%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-661.el9
+%define kabiversion 5.14.0-662.el9
 
 #
 # End of genspec.sh variables
@@ -3703,6 +3703,120 @@ fi
 #
 #
 %changelog
+* Sat Jan 17 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-662.el9]
+- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (CKI Backport Bot) [RHEL-139463] {CVE-2025-68305}
+- Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6 (Guillaume Nault) [RHEL-138491]
+- net: ethtool: update set_rxfh_indir to use ethtool_get_rx_ring_count helper (Ivan Vecera) [RHEL-132646]
+- net: ethtool: update set_rxfh to use ethtool_get_rx_ring_count helper (Ivan Vecera) [RHEL-132646]
+- net: ethtool: add get_rx_ring_count callback to optimize RX ring queries (Ivan Vecera) [RHEL-132646]
+- net: ethtool: remove the duplicated handling from ethtool_get_rxrings (Ivan Vecera) [RHEL-132646]
+- net: ethtool: add support for ETHTOOL_GRXRINGS ioctl (Ivan Vecera) [RHEL-132646]
+- net: ethtool: pass the num of RX rings directly to ethtool_copy_validate_indir (Ivan Vecera) [RHEL-132646]
+- net: openvswitch: Avoid needlessly taking the RTNL on vport destroy (Adrian Moreno) [RHEL-137482]
+- powercap: intel_rapl: Add support for Wildcat Lake platform (CKI Backport Bot) [RHEL-95625]
+- Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (CKI Backport Bot) [RHEL-136967] {CVE-2025-40294}
+- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CKI Backport Bot) [RHEL-136823] {CVE-2025-38568}
+- net/handshake: Fix memory leak in tls_handshake_accept() (Olga Kornievskaia) [RHEL-134735]
+- NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() (Olga Kornievskaia) [RHEL-134735]
+- NFS: sysfs: fix leak when nfs_client kobject add fails (Olga Kornievskaia) [RHEL-134735]
+- pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS (Olga Kornievskaia) [RHEL-134735]
+- pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() (Olga Kornievskaia) [RHEL-134735]
+- NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (Olga Kornievskaia) [RHEL-134735]
+- NFSD: Skip close replay processing if XDR encoding fails (Olga Kornievskaia) [RHEL-134735]
+- NFSD: Encode COMPOUND operation status on page boundaries (Olga Kornievskaia) [RHEL-134735]
+- NFSD: free copynotify stateid in nfs4_free_ol_stateid() (Olga Kornievskaia) [RHEL-134735]
+- NFSD: Fix crash in nfsd4_read_release() (Olga Kornievskaia) [RHEL-134735]
+- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Olga Kornievskaia) [RHEL-134735]
+- NFSv4.1: fix backchannel max_resp_sz verification check (Olga Kornievskaia) [RHEL-134735]
+- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (Olga Kornievskaia) [RHEL-134735]
+- sunrpc: fix null pointer dereference on zero-length checksum (Olga Kornievskaia) [RHEL-134735]
+- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (CKI Backport Bot) [RHEL-136257] {CVE-2025-40318}
+- net: vlan: sync VLAN features with lower device (CKI Backport Bot) [RHEL-80409]
+- mptcp: fix race condition in mptcp_schedule_work() (CKI Backport Bot) [RHEL-134449] {CVE-2025-40258}
+- sctp: avoid NULL dereference when chunk data buffer is missing (CKI Backport Bot) [RHEL-134005] {CVE-2025-40240}
+- inetpeer: do not get a refcount in inet_getpeer() (Guillaume Nault) [RHEL-116117]
+- inetpeer: update inetpeer timestamp in inet_getpeer() (Guillaume Nault) [RHEL-116117]
+- inetpeer: remove create argument of inet_getpeer() (Guillaume Nault) [RHEL-116117]
+- inetpeer: remove create argument of inet_getpeer_v[46]() (Guillaume Nault) [RHEL-116117]
+- ipv4/route: avoid unused-but-set-variable warning (Guillaume Nault) [RHEL-116117]
+- net: vxlan: prevent NULL deref in vxlan_xmit_one (Antoine Tenart) [RHEL-133365]
+- openvswitch: Stricter validation for the userspace action (Paolo Valerio) [RHEL-115648]
+- openvswitch: Fix unsafe attribute parsing in output_userspace() (Paolo Valerio) [RHEL-115648]
+- net: openvswitch: fix nested key length validation in the set() action (Paolo Valerio) [RHEL-115648]
+- openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (Paolo Valerio) [RHEL-115648]
+- openvswitch: fix lockup on tx to unregistering netdev with carrier (Paolo Valerio) [RHEL-115648]
+- ethtool: Don't check for RXFH fields conflict when no input_xfrm is requested (Ivan Vecera) [RHEL-127561]
+- net: ethtool: don't mux RXFH via rxnfc callbacks (Ivan Vecera) [RHEL-127561]
+- eth: hns3: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: hinic: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: nfp: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: mlx5: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: qede: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: benet: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: sfc: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: sfc: siena: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: sfc: falcon: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: sxgbe: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: dpaa2: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: dpaa: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: niu: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: otx2: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: thunder: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: ena: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: bnxt: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: bnx2x: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: iavf: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: ice: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: i40e: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: fm10k: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: ixgbe: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: igc: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: igb: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: e1000e: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: lan743x: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: cxgb4: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: cisco: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: gianfar: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- net: drv: hyperv: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- net: drv: virtio: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- net: drv: vmxnet3: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
+- eth: remove empty RXFH handling from drivers (Ivan Vecera) [RHEL-127561]
+- net: ethtool: add dedicated callbacks for getting and setting rxfh fields (Ivan Vecera) [RHEL-127561]
+- net: ethtool: require drivers to opt into the per-RSS ctx RXFH (Ivan Vecera) [RHEL-127561]
+- net: ethtool: remove the duplicated handling from rxfh and rxnfc (Ivan Vecera) [RHEL-127561]
+- net: ethtool: copy the rxfh flow handling (Ivan Vecera) [RHEL-127561]
+- net: ethtool: mm: reset verification status when link is down (Ivan Vecera) [RHEL-127569]
+- net: ethtool: mm: extract stmmac verification logic into common library (Ivan Vecera) [RHEL-127569]
+- net: use dst_dev_rcu() in sk_setup_caps() (Hangbin Liu) [RHEL-129085] {CVE-2025-40170}
+- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (Hangbin Liu) [RHEL-129085]
+- net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (Hangbin Liu) [RHEL-129085]
+- ipv6: use RCU in ip6_xmit() (Hangbin Liu) [RHEL-129022] {CVE-2025-40135}
+- ipv6: use RCU in ip6_output() (Hangbin Liu) [RHEL-128985] {CVE-2025-40158}
+- net: dst: introduce dst->dev_rcu (Hangbin Liu) [RHEL-128985]
+- ipv4: use RCU protection in __ip_rt_update_pmtu() (Hangbin Liu) [RHEL-128985]
+- net: Add locking to protect skb->dev access in ip_output (Hangbin Liu) [RHEL-128985]
+- net: dst: add four helpers to annotate data-races around dst->dev (Hangbin Liu) [RHEL-128985]
+- bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (Hangbin Liu) [RHEL-128985]
+- vrf: Fix lockdep splat in output path (Hangbin Liu) [RHEL-128985]
+- ipv6: remove nexthop_fib6_nh_bh() (Hangbin Liu) [RHEL-128985]
+- net: remove rcu_dereference_bh_rtnl() (Hangbin Liu) [RHEL-128985]
+- neighbour: switch to standard rcu, instead of rcu_bh (Hangbin Liu) [RHEL-128985]
+- ipv6: flowlabel: do not disable BH where not needed (Hangbin Liu) [RHEL-128985]
+- ipv6: remove one read_lock()/read_unlock() pair in rt6_check_neigh() (Hangbin Liu) [RHEL-128985]
+- neigh: introduce neigh_confirm() helper function (Hangbin Liu) [RHEL-128985]
+- net: Prevent use after free in netif_napi_set_irq_locked() (Petr Oros) [RHEL-83023]
+- net: move aRFS rmap management and CPU affinity to core (Petr Oros) [RHEL-83023]
+- xfrm: Check inner packet family directly from skb_dst (Hangbin Liu) [RHEL-95005]
+- xfrm: fix offloading of cross-family tunnels (Hangbin Liu) [RHEL-95005]
+- udp: also consider secpath when evaluating ipsec use for checksumming (Hangbin Liu) [RHEL-95005]
+- xfrm: restore GSO for SW crypto (Hangbin Liu) [RHEL-95005]
+- xfrm: always initialize offload path (Hangbin Liu) [RHEL-95005]
+- xfrm: check for PMTU in tunnel mode for packet offload (Hangbin Liu) [RHEL-95005]
+- xfrm: provide common xdo_dev_offload_ok callback implementation (Hangbin Liu) [RHEL-95005]
+- xfrm: rely on XFRM offload (Hangbin Liu) [RHEL-95005]
+- xfrm: simplify SA initialization routine (Hangbin Liu) [RHEL-95005]
+- xfrm: delay initialization of offload path till its actually requested (Hangbin Liu) [RHEL-95005]
+
 * Fri Jan 16 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-661.el9]
 - iavf: avoid deadlock by cancelling work without netdev lock in remove path (Mohammad Heib) [RHEL-130117]
 - tools/power turbostat: Validate APERF access for VMWARE (David Arcari) [RHEL-127044]
diff --git a/sources b/sources
index b46a17752..95708d69d 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-5.14.0-661.el9.tar.xz) = 5379ff82fc0acf857a2ea1d8a490fc8c18fd32e29e59387484f4dcf8c02853fd3afea56c1b01e46b150d57d616bfad907dd0b75017fd9a1568dba8044554faef
-SHA512 (kernel-abi-stablelists-5.14.0-661.el9.tar.bz2) = bd0fcccc79991152724300235591626ef92d48129ee0c3bb86ecc5b2bd4f69dd5c3dba07117f0b23633ab798f280d4e0caddace0598f178d221c51bc84fe3d7c
-SHA512 (kernel-kabi-dw-5.14.0-661.el9.tar.bz2) = 595ddd4be4aa439f07da567ba54e74783d8db47ede66049c492825c747ea592cc635ab7510f884d913ad27f39740dd1de504275baafd91a60a7d0d19287a9b83
+SHA512 (linux-5.14.0-662.el9.tar.xz) = 1a2f3b0a5c7106fffa95aa41d4c6b29c08d5233f8ced7b9186a8cb12bfcae4b3c01438141adde67abb4e207717af8b1ea5b6bc76076f9383b268b1452d6165be
+SHA512 (kernel-abi-stablelists-5.14.0-662.el9.tar.bz2) = fe16354dfaa142b4fab1f60f5ac88ec9cca59c74587afa75efa37d45b9e09173612602a9722e8ea42529289974158c152a971894c8e591bb624496ebfefd0460
+SHA512 (kernel-kabi-dw-5.14.0-662.el9.tar.bz2) = cfafe4c843da394ee69775314e986be576b2267941b0b8a3dc6c0690fbd80c219d3b35e69c2ea6088c5d13cf9ff162069e56b11fddf838333db935a22aab5197