diff --git a/download b/download
index 6edd98da4b7926978750142a4b0b6ee2512f6be7..c1232dc84da13c4eebb18f1d5176ad937cca73ed 100644
--- a/download
+++ b/download
@@ -1,3 +1,3 @@
-e8477f2d6aa843cc1c56cf17fd148ca5  kernel-abi-stablelists-4.18.0-553.tar.bz2
+97849b1a9ac1541d5bb822eea827f454  kernel-abi-stablelists-4.18.0-553.tar.bz2
 dacb6c59855053065f7f64fcfb9aa828  kernel-kabi-dw-4.18.0-553.tar.bz2
-bd0e3e4cf3d14c4b738312ab7694dfe2  linux-4.18.0-553.74.1.el8_10.tar.xz
+8cb77a851482c0760cbe00590f80e488  linux-4.18.0-553.78.1.el8_10.tar.xz
diff --git a/kernel.spec b/kernel.spec
index 6741f157bc8fa4d62277bcfb95a96994e5b1caa0..4d0c5364b34aebd803a56220a86f6c625ce27bf4 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -39,10 +39,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.74.1.el8_10
+%define pkgrelease 553.78.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.74.1%{anolis_release}%{?dist}
+%define specrelease 553.78.1%{anolis_release}%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2708,9 +2708,56 @@ fi
 #
 #
 %changelog
-* Thu Sep 11 2025 Xiaoping Liu <liuxiaoping@alibaba-inc.com> - 4.18.0-553.74.1.0.1
+* Fri Oct 10 2025 Xiaoping Liu <liuxiaoping@alibaba-inc.com> - 4.18.0-553.78.1.0.1
 - kernel:repair dwarves causes kernel compilation to fail
 
+* Thu Sep 25 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.78.1.el8_10]
+- mm/migrate: set swap entry values of THP tail pages properly. (Luiz Capitulino) [RHEL-101302]
+- smb: client: fix use-after-free in cifs_oplock_break (Paulo Alcantara) [RHEL-111190] {CVE-2025-38527}
+- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CKI Backport Bot) [RHEL-113603] {CVE-2025-39730}
+
+* Thu Sep 18 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.77.1.el8_10]
+- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CKI Backport Bot) [RHEL-109847] {CVE-2025-37797}
+- net_sched: hfsc: Fix a UAF vulnerability in class handling (CKI Backport Bot) [RHEL-109847] {CVE-2025-37797}
+- net: openvswitch: Fix the dead loop of MPLS parse (Aaron Conole) [RHEL-95609]
+- sctp: linearize cloned gso packets in sctp_rcv (CKI Backport Bot) [RHEL-113329] {CVE-2025-38718}
+- firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (Charles Mirabile) [RHEL-109394] {CVE-2022-50087}
+- nfsd: don't ignore the return code of svc_proc_register() (Olga Kornievskaia) [RHEL-111639] {CVE-2025-22026}
+
+* Sun Sep 14 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.76.1.el8_10]
+- HID: core: Harden s32ton() against conversion to 0 bits (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
+- HID: stop exporting hid_snto32() (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
+- HID: simplify snto32() (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
+- HID: core: fix shift-out-of-bounds in hid_report_raw_event (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
+- use uniform permission checks for all mount propagation changes (Ian Kent) [RHEL-107299] {CVE-2025-38498}
+- do_change_type(): refuse to operate on unmounted/not ours mounts (Ian Kent) [RHEL-107299] {CVE-2025-38498}
+- xfs: make sure sb_fdblocks is non-negative (Pavel Reichl) [RHEL-104193]
+- vsock: Fix transport_* TOCTOU (CKI Backport Bot) [RHEL-105991] {CVE-2025-38461}
+
+* Tue Sep 09 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.75.1.el8_10]
+- Revert "module, async: async_synchronize_full() on module init iff async is used" (Herton R. Krzesinski) [RHEL-99812]
+- mm/page_alloc: make sure free_pcppages_bulk() bails when given count < 0 (Rafael Aquini) [RHEL-85453]
+- sch_cbq: make cbq_qlen_notify() idempotent (Ivan Vecera) [RHEL-93376]
+- net/sched: ets: use old 'nbands' while purging unused classes (Ivan Vecera) [RHEL-107541] {CVE-2025-38350}
+- net_sched: sch_ets: implement lockless ets_dump() (Ivan Vecera) [RHEL-107541] {CVE-2025-38350}
+- net/sched: Always pass notifications when child class becomes empty (Ivan Vecera) [RHEL-93376] {CVE-2025-38350}
+- net_sched: ets: fix a race in ets_qdisc_change() (Ivan Vecera) [RHEL-107541] {CVE-2025-38107}
+- sch_htb: make htb_deactivate() idempotent (Ivan Vecera) [RHEL-93376] {CVE-2025-37953}
+- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Ivan Vecera) [RHEL-93376] {CVE-2025-37798}
+- sch_qfq: make qfq_qlen_notify() idempotent (Ivan Vecera) [RHEL-93376] {CVE-2025-38350}
+- sch_drr: make drr_qlen_notify() idempotent (Ivan Vecera) [RHEL-93376] {CVE-2025-38350}
+- sch_htb: make htb_qlen_notify() idempotent (Ivan Vecera) [RHEL-93376] {CVE-2025-37932}
+- idpf: convert control queue mutex to a spinlock (CKI Backport Bot) [RHEL-106049] {CVE-2025-38392}
+- drm/framebuffer: Acquire internal references on GEM handles (Anusha Srivatsa) [RHEL-106684] {CVE-2025-38449}
+- drm/gem: Acquire references on GEM handles for framebuffers (Anusha Srivatsa) [RHEL-106684] {CVE-2025-38449}
+- tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (partial) (Luis Claudio R. Goncalves) [RHEL-95713]
+- vmxnet3: disable rx data ring on dma allocation failure (Michal Schmidt) [RHEL-106160]
+- xfs: fix error returns from xfs_bmapi_write (Carlos Maiolino) [RHEL-93655]
+- xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space (Carlos Maiolino) [RHEL-93655]
+- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (CKI Backport Bot) [RHEL-112239] {CVE-2023-53125}
+- net: usb: smsc75xx: Limit packet length to skb->len (CKI Backport Bot) [RHEL-112239] {CVE-2023-53125}
+- PCI: Support BAR sizes up to 8TB (Myron Stowe) [RHEL-106671]
+
 * Sun Sep 07 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.74.1.el8_10]
 - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [RHEL-112775] {CVE-2025-38352}