diff --git a/Makefile.rhelver b/Makefile.rhelver
index 4a25b306b..859320276 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 0
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 40
+RHEL_RELEASE = 41
 
 #
 # RHEL_REBASE_NUM
diff --git a/kernel.changelog b/kernel.changelog
index 2e8910ae5..7b2dbc098 100644
--- a/kernel.changelog
+++ b/kernel.changelog
@@ -1,3 +1,48 @@
+* Tue Jan 14 2025 Jan Stancek <jstancek@redhat.com> [6.12.0-41.el10]
+- netfilter: IDLETIMER: Fix for possible ABBA deadlock (Phil Sutter) [RHEL-70301]
+- tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Guillaume Nault) [RHEL-73194]
+- netfilter: nf_tables: do not defer rule destruction via call_rcu (Florian Westphal) [RHEL-68691]
+- sched/numa: fix memory leak due to the overwritten vma->numab_state (Phil Auld) [RHEL-67478]
+- netfilter: ipset: Fix for recursive locking warning (Phil Sutter) [RHEL-71827]
+- NFSD: Mark exports of NFS as unsupported (Benjamin Coddington) [RHEL-50656]
+- netdev-genl: Hold rcu_read_lock in napi_get (Paolo Abeni) [RHEL-73205]
+- net: avoid potential UAF in default_operstate() (Paolo Abeni) [RHEL-73205] {CVE-2024-56635}
+- net: defer final 'struct net' free in netns dismantle (Paolo Abeni) [RHEL-73205] {CVE-2024-56658}
+- net: restrict SO_REUSEPORT to inet sockets (Paolo Abeni) [RHEL-73205]
+- Revert "rtnetlink: add guard for RTNL" (Paolo Abeni) [RHEL-73205]
+- netlink: fix false positive warning in extack during dumps (Paolo Abeni) [RHEL-73205] {CVE-2024-53212}
+- tcp: check space before adding MPTCP SYN options (Paolo Abeni) [RHEL-73143]
+- net: fix memory leak in tcp_conn_request() (Paolo Abeni) [RHEL-73143]
+- Revert "udp: avoid calling sock_def_readable() if possible" (Paolo Abeni) [RHEL-73132]
+- netfilter: ipset: Hold module reference while requesting a module (Phil Sutter) [RHEL-69538]
+- redhat: make kernel-debug-uki-virt installable without kernel-debug-core (Vitaly Kuznetsov) [RHEL-72983]
+- KVM: arm64: Fix S1/S2 combination when FWB==1 and S2 has Device memory type (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Do not allow ID_AA64MMFR0_EL1.ASIDbits to be overridden (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic-its: Add error handling in vgic_its_cache_translation (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: selftests: Add tests for MMIO external abort injection (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: selftests: Convert to kernel's ESR terminology (Shaoqin Huang) [RHEL-68039]
+- tools: arm64: Grab a copy of esr.h from kernel (Shaoqin Huang) [RHEL-68039]
+- KVM: selftests: Don't bother deleting memslots in KVM when freeing VMs (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic-its: Add stronger type-checking to the ITS entry sizes (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic: Kill VGIC_MAX_PRIVATE definition (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic: Make vgic_get_irq() more robust (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Pass on SVE mapping failures (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Don't map 'kvm_vgic_global_state' at EL2 with pKVM (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Just advertise SEIS as 0 when emulating ICC_CTLR_EL1 (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Don't retire aborted MMIO instruction (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Get rid of userspace_irqchip_in_use (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Initialize trap register values in hyp in pKVM (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Initialize the hypervisor's VM state at EL2 (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Refactor kvm_vcpu_enable_ptrauth() for hyp use (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Move pkvm_vcpu_init_traps() to init_pkvm_hyp_vcpu() (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Correctly access TCR2_EL1, PIR_EL1, PIRE0_EL1 with VHE (Shaoqin Huang) [RHEL-68039]
+Resolves: RHEL-50656, RHEL-67478, RHEL-68039, RHEL-68691, RHEL-69538, RHEL-70301, RHEL-71827, RHEL-72983, RHEL-73132, RHEL-73143, RHEL-73194, RHEL-73205
+
 * Sun Jan 12 2025 Jan Stancek <jstancek@redhat.com> [6.12.0-40.el10]
 - selftests: netfilter: Stabilize rpath.sh (Phil Sutter) [RHEL-71139]
 - redhat/configs: automotive: disable CONFIG_AIO (Davide Caratti) [RHEL-71905]
diff --git a/kernel.spec b/kernel.spec
index 299c09b80..9f4bcb5fb 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -162,15 +162,15 @@ Summary: The Linux kernel
 %define specrpmversion 6.12.0
 %define specversion 6.12.0
 %define patchversion 6.12
-%define pkgrelease 40
+%define pkgrelease 41
 %define kversion 6
-%define tarfile_release 6.12.0-40.el10
+%define tarfile_release 6.12.0-41.el10
 # This is needed to do merge window version magic
 %define patchlevel 12
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 40%{?buildid}%{?dist}
+%define specrelease 41%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 6.12.0-40.el10
+%define kabiversion 6.12.0-41.el10
 
 # If this variable is set to 1, a bpf selftests build failure will cause a
 # fatal kernel package build error
@@ -1659,7 +1659,7 @@ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{uname_variant %{
 %package %{?1:%{1}-}uki-virt\
 Summary: %{variant_summary} unified kernel image for virtual machines\
 Provides: installonlypkg(kernel)\
-Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{uname_suffix %{?1:+%{1}}}\
+Provides: kernel-uname-r = %{KVERREL}%{uname_suffix %{?1:+%{1}}}\
 Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:+%{1}}}\
 Requires(pre): %{kernel_prereq}\
 Requires(pre): systemd >= 254-1\
@@ -4300,6 +4300,50 @@ fi\
 #
 #
 %changelog
+* Tue Jan 14 2025 Jan Stancek <jstancek@redhat.com> [6.12.0-41.el10]
+- netfilter: IDLETIMER: Fix for possible ABBA deadlock (Phil Sutter) [RHEL-70301]
+- tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Guillaume Nault) [RHEL-73194]
+- netfilter: nf_tables: do not defer rule destruction via call_rcu (Florian Westphal) [RHEL-68691]
+- sched/numa: fix memory leak due to the overwritten vma->numab_state (Phil Auld) [RHEL-67478]
+- netfilter: ipset: Fix for recursive locking warning (Phil Sutter) [RHEL-71827]
+- NFSD: Mark exports of NFS as unsupported (Benjamin Coddington) [RHEL-50656]
+- netdev-genl: Hold rcu_read_lock in napi_get (Paolo Abeni) [RHEL-73205]
+- net: avoid potential UAF in default_operstate() (Paolo Abeni) [RHEL-73205] {CVE-2024-56635}
+- net: defer final 'struct net' free in netns dismantle (Paolo Abeni) [RHEL-73205] {CVE-2024-56658}
+- net: restrict SO_REUSEPORT to inet sockets (Paolo Abeni) [RHEL-73205]
+- Revert "rtnetlink: add guard for RTNL" (Paolo Abeni) [RHEL-73205]
+- netlink: fix false positive warning in extack during dumps (Paolo Abeni) [RHEL-73205] {CVE-2024-53212}
+- tcp: check space before adding MPTCP SYN options (Paolo Abeni) [RHEL-73143]
+- net: fix memory leak in tcp_conn_request() (Paolo Abeni) [RHEL-73143]
+- Revert "udp: avoid calling sock_def_readable() if possible" (Paolo Abeni) [RHEL-73132]
+- netfilter: ipset: Hold module reference while requesting a module (Phil Sutter) [RHEL-69538]
+- redhat: make kernel-debug-uki-virt installable without kernel-debug-core (Vitaly Kuznetsov) [RHEL-72983]
+- KVM: arm64: Fix S1/S2 combination when FWB==1 and S2 has Device memory type (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Do not allow ID_AA64MMFR0_EL1.ASIDbits to be overridden (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic-its: Add error handling in vgic_its_cache_translation (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: selftests: Add tests for MMIO external abort injection (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: selftests: Convert to kernel's ESR terminology (Shaoqin Huang) [RHEL-68039]
+- tools: arm64: Grab a copy of esr.h from kernel (Shaoqin Huang) [RHEL-68039]
+- KVM: selftests: Don't bother deleting memslots in KVM when freeing VMs (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic-its: Add stronger type-checking to the ITS entry sizes (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic: Kill VGIC_MAX_PRIVATE definition (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic: Make vgic_get_irq() more robust (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Pass on SVE mapping failures (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Don't map 'kvm_vgic_global_state' at EL2 with pKVM (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Just advertise SEIS as 0 when emulating ICC_CTLR_EL1 (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Don't retire aborted MMIO instruction (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Get rid of userspace_irqchip_in_use (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Initialize trap register values in hyp in pKVM (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Initialize the hypervisor's VM state at EL2 (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Refactor kvm_vcpu_enable_ptrauth() for hyp use (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Move pkvm_vcpu_init_traps() to init_pkvm_hyp_vcpu() (Shaoqin Huang) [RHEL-68039]
+- KVM: arm64: Correctly access TCR2_EL1, PIR_EL1, PIRE0_EL1 with VHE (Shaoqin Huang) [RHEL-68039]
+
 * Sun Jan 12 2025 Jan Stancek <jstancek@redhat.com> [6.12.0-40.el10]
 - selftests: netfilter: Stabilize rpath.sh (Phil Sutter) [RHEL-71139]
 - redhat/configs: automotive: disable CONFIG_AIO (Davide Caratti) [RHEL-71905]
diff --git a/sources b/sources
index 0dfe24519..09eadbe60 100644
--- a/sources
+++ b/sources
@@ -1,5 +1,5 @@
 SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd
 SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6
-SHA512 (linux-6.12.0-40.el10.tar.xz) = fd036f52c23fcf65974b100b54e2ddfdce9139d923058025216a338fe5952467f125d472cffaf451f8e23268839c373324ea7fd0e789af97aad7a80c0dd18265
-SHA512 (kernel-abi-stablelists-6.12.0-40.el10.tar.xz) = 50236d609f682e8af9e90dd453bb30ac3e859e3ccc26948bee0e17e33289441288127eeebc56712888d1345d8ae3d730e05e81444b41442a286a29dcd4a305e6
-SHA512 (kernel-kabi-dw-6.12.0-40.el10.tar.xz) = fded83376b56df7cb4c5e79cd53f35164980429fbd707954c3aca8e372ba226664c84cdf805ca3b14b994f16cd61ee9a47d16f2a5c5c88decdd59303a2231ffb
+SHA512 (linux-6.12.0-41.el10.tar.xz) = af128077b40c4167d512158541f7f34d2ab0857465c89585bab0b390f088a9f269e0a13de856a231968bc982b4afe47343063d76e84a6c8782448ca38a7d4a1a
+SHA512 (kernel-abi-stablelists-6.12.0-41.el10.tar.xz) = 13ebe1dac82ab02efc0c24f791c4a920057c650817ff3c1f1f7aeaa72744a88815b4d08beba466230d32118a9a09f0b185a199e9cd8f15926ea65f890eef373a
+SHA512 (kernel-kabi-dw-6.12.0-41.el10.tar.xz) = 04db766bc8abd75b27eb18f13acb36fda60bcc70860d20a8fe380a1ccff301574850f4f2b15fb5b32ae7b15b2d4c5ef0bf47eca130d9c18349cb7d5c1abe49f7