diff --git a/.gitignore b/.gitignore
index 51beb91..bdc9d97 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer
 SOURCES/centossecurebootca2.cer
 SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
 SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
-SOURCES/linux-4.18.0-553.82.1.el8_10.tar.xz
+SOURCES/linux-4.18.0-553.83.1.el8_10.tar.xz
 SOURCES/redhatsecureboot302.cer
 SOURCES/redhatsecureboot303.cer
 SOURCES/redhatsecureboot501.cer
diff --git a/.kernel.metadata b/.kernel.metadata
index 12dc4b5..b1c0608 100644
--- a/.kernel.metadata
+++ b/.kernel.metadata
@@ -1,8 +1,8 @@
 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
 bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
-d76baaa9de304e9364ce75ef4067da9025248f84 SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
-49b7afc6ac8117cbe2ee06f0639c4fe7a16fb3bc SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
-da31829c933ba13029d233c28bec8c8acb45a69a SOURCES/linux-4.18.0-553.82.1.el8_10.tar.xz
+1091a8cbf46a0a3c8010a548ded076dbeb55f7fc SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
+2318474e4033305aa0461e29d5962ca0a5dc24cb SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
+152c531960a2b4c733d9a8dd3cfd300ee8d53201 SOURCES/linux-4.18.0-553.83.1.el8_10.tar.xz
 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
 e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
 ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
diff --git a/SOURCES/kernel-x86_64-debug.config b/SOURCES/kernel-x86_64-debug.config
index 779f161..213c7e2 100644
--- a/SOURCES/kernel-x86_64-debug.config
+++ b/SOURCES/kernel-x86_64-debug.config
@@ -3936,6 +3936,7 @@ CONFIG_MISDN_L1OIP=m
 CONFIG_MISDN_NETJET=m
 CONFIG_MISDN_SPEEDFAX=m
 CONFIG_MISDN_W6692=m
+CONFIG_MITIGATION_VMSCAPE=y
 CONFIG_MLX4_EN=m
 CONFIG_MLX4_EN_DCB=y
 CONFIG_MLX4_INFINIBAND=m
diff --git a/SOURCES/kernel-x86_64.config b/SOURCES/kernel-x86_64.config
index c7fc8a8..805cd4e 100644
--- a/SOURCES/kernel-x86_64.config
+++ b/SOURCES/kernel-x86_64.config
@@ -3936,6 +3936,7 @@ CONFIG_MISDN_L1OIP=m
 CONFIG_MISDN_NETJET=m
 CONFIG_MISDN_SPEEDFAX=m
 CONFIG_MISDN_W6692=m
+CONFIG_MITIGATION_VMSCAPE=y
 CONFIG_MLX4_EN=m
 CONFIG_MLX4_EN_DCB=y
 CONFIG_MLX4_INFINIBAND=m
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index f2cb1bb..d04497f 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.82.1.el8_10
+%define pkgrelease 553.83.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.82.1%{?dist}
+%define specrelease 553.83.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2705,6 +2705,29 @@ fi
 #
 #
 %changelog
+* Thu Oct 30 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.83.1.el8_10]
+- fs: fix UAF/GPF bug in nilfs_mdt_destroy (Abhi Das) [RHEL-116658] {CVE-2022-50367}
+- redhat/configs: Enable CONFIG_MITIGATION_VMSCAPE for x86_64 (Waiman Long) [RHEL-114285]
+- x86/vmscape: Add old Intel CPUs to affected list (Waiman Long) [RHEL-114285] {CVE-2025-40300}
+- x86/vmscape: Warn when STIBP is disabled with SMT (Waiman Long) [RHEL-114285] {CVE-2025-40300}
+- x86/bugs: Move cpu_bugs_smt_update() down (Waiman Long) [RHEL-114285] {CVE-2025-40300}
+- x86/vmscape: Enable the mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300}
+- x86/vmscape: Add conditional IBPB mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300}
+- x86/vmscape: Enumerate VMSCAPE bug (Waiman Long) [RHEL-114285] {CVE-2025-40300}
+- Documentation/hw-vuln: Add VMSCAPE documentation (Waiman Long) [RHEL-114285] {CVE-2025-40300}
+- i40e: fix Jumbo Frame support after iPXE boot (Mohammad Heib) [RHEL-121781]
+- i40e: Report MFS in decimal base instead of hex (Mohammad Heib) [RHEL-121781]
+- i40e: Fix unexpected MFS warning message (Mohammad Heib) [RHEL-121781]
+- bitfield: Add FIELD_MODIFY() helper (Mohammad Heib) [RHEL-121781]
+- bitops: Add non-atomic bitops for pointers (Mohammad Heib) [RHEL-121781]
+- qed/qede: Fix scheduling while atomic (CKI Backport Bot) [RHEL-9757]
+- fanotify: add watchdog for permission events (Miklos Szeredi) [RHEL-123215]
+- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (Miklos Szeredi) [RHEL-123215]
+- jiffies: Define secs_to_jiffies() (Miklos Szeredi) [RHEL-123215]
+- s390/pci: Fix __pcilg_mio_inuser() inline assembly (Mete Durlu) [RHEL-105611]
+- mm: zswap: fix missing folio cleanup in writeback race path (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178}
+- mm: fix zswap writeback race condition (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178}
+
 * Thu Oct 23 2025 Alexandra Hájková <ahajkova@redhat.com> [4.18.0-553.82.1.el8_10]
 - smb: client: fix missing timestamp updates after utime(2) (Paulo Alcantara) [RHEL-109431]
 - cifs: fix leak of iface for primary channel (Paulo Alcantara) [RHEL-109546]