diff --git a/.kernel.checksum b/.kernel.checksum
index 12081a33b803acde9c9d507af3623b03e7f40e32..0d38cecd8e49630e95f2413b0482c43c6bdffe51 100644
--- a/.kernel.checksum
+++ b/.kernel.checksum
@@ -1 +1 @@
-f606e7b8b119cd826b6d772360309663ed08dc2c89213c565c10b213c24fd5d4
+18a65a2cef93a1180a8ab86f6fdf6ec14c2835a51a9fafc8d0d2e77444ee3441
diff --git a/.kernel.metadata b/.kernel.metadata
index 8acbbb90b5159df9abec4ef8dea79fdd2c2be873..a79558fddad67175e56a47cbe5031b4cdd61f617 100644
--- a/.kernel.metadata
+++ b/.kernel.metadata
@@ -1,6 +1,6 @@
-5ea409d8eeec1b8b6d5ebeff0393749d2ca41e93d4678eeb49c542db5166e692 SOURCES/kernel-abi-stablelists-5.14.0-503.16.1.el9_5.tar.bz2
-1a1a5c502ba0e30c5868da3cff2dc70b93b71d2156c7ea2e770f7cbfa182de74 SOURCES/kernel-kabi-dw-5.14.0-503.16.1.el9_5.tar.bz2
-90a74e987f794d3c61fb2458bcefd5a4457d148c8ebc64422c3cc5f62bf51031 SOURCES/linux-5.14.0-503.16.1.el9_5.tar.xz
+a0d1d9d826f5cd9019a9a43ce009d9b64f217ba65a4597d527fc13061db1cd53 SOURCES/kernel-abi-stablelists-5.14.0-503.19.1.el9_5.tar.bz2
+3167413ce4e53f0e473277ab4c0d6655974e977af0f45b6d94ebad659bde40d0 SOURCES/kernel-kabi-dw-5.14.0-503.19.1.el9_5.tar.bz2
+047b0f26d41b81a709d036e1fb7763f5a42757b636eb1b269447f100aced700f SOURCES/linux-5.14.0-503.19.1.el9_5.tar.xz
 ca3aa0979f9426736d382747bba165e71ea4c42a2fb736d78fd8a4c4b7b58ad4 SOURCES/nvidiagpuoot001.x509
 af61197112f29a3a52f3825d363fe3103dc98cad269763071ee86eb2aedc139b SOURCES/rheldup3.x509
 b466265282193c17b3256b199ecc3bdd986797b4a82ad841de4a132132e9f6ab SOURCES/rhelima.x509
diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver
index 79064eef52e4ac214e49b0932ba7bc64842e525f..99b8eb0796878d29d8af6500fae8c83cd9ba9582 100644
--- a/SOURCES/Makefile.rhelver
+++ b/SOURCES/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 5
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 503.16.1
+RHEL_RELEASE = 503.19.1
 
 #
 # ZSTREAM
diff --git a/SOURCES/kernel.changelog b/SOURCES/kernel.changelog
index baf67eae8a95f218cfcf9f521d3000b6bc7dd1d9..9fc95e0cd0b1ec66199af74ef0112148a51cf191 100644
--- a/SOURCES/kernel.changelog
+++ b/SOURCES/kernel.changelog
@@ -1,3 +1,52 @@
+* Fri Dec 06 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.19.1.el9_5]
+- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66462 RHEL-66461] {CVE-2024-50142}
+- xfrm: fix one more kernel-infoleak in algo dumping (CKI Backport Bot) [RHEL-65960] {CVE-2024-50110}
+- Revert "Merge: [qed] softlockup triggered by ethtool -d  [rhel-9.5.z]" (Lucas Zampieri) [RHEL-61705]
+- tracing/hwlat: Fix a race during cpuhp processing (Tomas Glozar) [RHEL-69468]
+- tracing/timerlat: Fix a race during cpuhp processing (Tomas Glozar) [RHEL-69468] {CVE-2024-49866}
+- tracing/timerlat: Drop interface_lock in stop_kthread() (Tomas Glozar) [RHEL-69468]
+- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (Tomas Glozar) [RHEL-69468]
+- ceph: remove the incorrect Fw reference check when dirtying pages (Xiubo Li) [RHEL-61416 RHEL-60255]
+Resolves: RHEL-61416, RHEL-61705, RHEL-65960, RHEL-66462, RHEL-69468
+
+* Tue Dec 03 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.18.1.el9_5]
+- bpf: Fix a kernel verifier crash in stacksafe() (CKI Backport Bot) [RHEL-66097 RHEL-66098] {CVE-2024-45020}
+- bpf: Fix a sdiv overflow issue (CKI Backport Bot) [RHEL-64598 RHEL-64597] {CVE-2024-49888}
+- bpf: Fix out-of-bounds write in trie_get_next_key() (CKI Backport Bot) [RHEL-66877] {CVE-2024-50262}
+- bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (CKI Backport Bot) [RHEL-63331] {CVE-2024-47675}
+- nfsd: ensure that nfsd4_fattr_args.context is zeroed out (Jay Shin) [RHEL-58884 RHEL-58883] {CVE-2024-46697}
+- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (Jon Maloy) [RHEL-65872] {CVE-2024-50115}
+- net: tighten bad gso csum offset check in virtio_net_hdr (Guillaume Nault) [RHEL-67683]
+- udp: fix receiving fraglist GSO packets (Guillaume Nault) [RHEL-67683]
+- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (CKI Backport Bot) [RHEL-66804] {CVE-2024-50255}
+- Bluetooth: ISO: Fix UAF on iso_sock_timeout (Bastien Nocera) [RHEL-66321] {CVE-2024-50124}
+- Bluetooth: SCO: Fix UAF on sco_sock_timeout (Bastien Nocera) [RHEL-65928] {CVE-2024-50125}
+- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (Bastien Nocera) [RHEL-65928] {CVE-2024-27398}
+- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CKI Backport Bot) [RHEL-44173] {CVE-2024-38564}
+- Bluetooth: bnep: fix wild-memory-access in proto_unregister (CKI Backport Bot) [RHEL-66365] {CVE-2024-50148}
+- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (CKI Backport Bot) [RHEL-57716 RHEL-36374] {CVE-2024-27399}
+Resolves: RHEL-44173, RHEL-57716, RHEL-58884, RHEL-63331, RHEL-64598, RHEL-65872, RHEL-65928, RHEL-66097, RHEL-66321, RHEL-66365, RHEL-66804, RHEL-66877, RHEL-67683
+
+* Thu Nov 28 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.17.1.el9_5]
+- arm64: probes: Remove broken LDR (literal) uprobe support (CKI Backport Bot) [RHEL-66046] {CVE-2024-50099}
+- qed: put cond_resched() in qed_dmae_operation_wait() (Michal Schmidt) [RHEL-61705 RHEL-6372]
+- qed: allow the callee of qed_mcp_nvm_read() to sleep (Michal Schmidt) [RHEL-61705 RHEL-6372]
+- qed: put cond_resched() in qed_grc_dump_ctx_data() (Michal Schmidt) [RHEL-61705 RHEL-6372]
+- qed: make 'ethtool -d' 10 times faster (Michal Schmidt) [RHEL-61705 RHEL-6372]
+- qed: allow sleep in qed_mcp_trace_dump() (Michal Schmidt) [RHEL-61705 RHEL-6372]
+- sched/numa: Fix the potential null pointer dereference in task_numa_work() (CKI Backport Bot) [RHEL-66810] {CVE-2024-50223}
+- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66969] {CVE-2024-50192}
+- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66969] {CVE-2024-50192}
+- perf/x86/intel/uncore: Support HBM and CXL PMON counters (Michael Petlan) [RHEL-65856]
+- perf/x86/uncore: Cleanup unused unit structure (Michael Petlan) [RHEL-65856]
+- perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (Michael Petlan) [RHEL-65856]
+- perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (Michael Petlan) [RHEL-65856]
+- perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (Michael Petlan) [RHEL-65856]
+- perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (Michael Petlan) [RHEL-65856]
+- perf/x86/uncore: Support per PMU cpumask (Michael Petlan) [RHEL-65856]
+- perf/x86/uncore: Save the unit control address of all units (Michael Petlan) [RHEL-65856]
+Resolves: RHEL-61705, RHEL-65856, RHEL-66046, RHEL-66810, RHEL-66969
+
 * Thu Nov 21 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.16.1.el9_5]
 - s390/dasd: fix error recovery leading to data corruption on ESE devices (Mete Durlu) [RHEL-64902 RHEL-55873]
 - net/smc: fix illegal rmb_desc access in SMC-D connection dump (Steve Best) [RHEL-65436 RHEL-27748] {CVE-2024-26615}
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index d71f0e170eef26dab2c580c39c5733cd663eb1d6..01edf8406fa57d0cd78e4b8ebd4c4fa3dad18eda 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 503.16.1
+%define pkgrelease 503.19.1
 %define kversion 5
-%define tarfile_release 5.14.0-503.16.1.el9_5
+%define tarfile_release 5.14.0-503.19.1.el9_5
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 503.16.1%{?buildid}%{?dist}
+%define specrelease 503.19.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-503.16.1.el9_5
+%define kabiversion 5.14.0-503.19.1.el9_5
 
 #
 # End of genspec.sh variables
@@ -3795,10 +3795,56 @@ fi
 #
 #
 %changelog
-* Wed Dec 11 2024 Release Engineering <releng@rockylinux.org> - 5.14.0-503.16.1
+* Thu Dec 19 2024 Release Engineering <releng@rockylinux.org> - 5.14.0-503.19.1
 - Porting to Rocky Linux 9, debranding and Rocky branding
 - Ensure aarch64 kernel is not compressed
 
+* Fri Dec 06 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.19.1.el9_5]
+- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66462 RHEL-66461] {CVE-2024-50142}
+- xfrm: fix one more kernel-infoleak in algo dumping (CKI Backport Bot) [RHEL-65960] {CVE-2024-50110}
+- Revert "Merge: [qed] softlockup triggered by ethtool -d  [rhel-9.5.z]" (Lucas Zampieri) [RHEL-61705]
+- tracing/hwlat: Fix a race during cpuhp processing (Tomas Glozar) [RHEL-69468]
+- tracing/timerlat: Fix a race during cpuhp processing (Tomas Glozar) [RHEL-69468] {CVE-2024-49866}
+- tracing/timerlat: Drop interface_lock in stop_kthread() (Tomas Glozar) [RHEL-69468]
+- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (Tomas Glozar) [RHEL-69468]
+- ceph: remove the incorrect Fw reference check when dirtying pages (Xiubo Li) [RHEL-61416 RHEL-60255]
+
+* Tue Dec 03 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.18.1.el9_5]
+- bpf: Fix a kernel verifier crash in stacksafe() (CKI Backport Bot) [RHEL-66097 RHEL-66098] {CVE-2024-45020}
+- bpf: Fix a sdiv overflow issue (CKI Backport Bot) [RHEL-64598 RHEL-64597] {CVE-2024-49888}
+- bpf: Fix out-of-bounds write in trie_get_next_key() (CKI Backport Bot) [RHEL-66877] {CVE-2024-50262}
+- bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (CKI Backport Bot) [RHEL-63331] {CVE-2024-47675}
+- nfsd: ensure that nfsd4_fattr_args.context is zeroed out (Jay Shin) [RHEL-58884 RHEL-58883] {CVE-2024-46697}
+- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (Jon Maloy) [RHEL-65872] {CVE-2024-50115}
+- net: tighten bad gso csum offset check in virtio_net_hdr (Guillaume Nault) [RHEL-67683]
+- udp: fix receiving fraglist GSO packets (Guillaume Nault) [RHEL-67683]
+- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (CKI Backport Bot) [RHEL-66804] {CVE-2024-50255}
+- Bluetooth: ISO: Fix UAF on iso_sock_timeout (Bastien Nocera) [RHEL-66321] {CVE-2024-50124}
+- Bluetooth: SCO: Fix UAF on sco_sock_timeout (Bastien Nocera) [RHEL-65928] {CVE-2024-50125}
+- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (Bastien Nocera) [RHEL-65928] {CVE-2024-27398}
+- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CKI Backport Bot) [RHEL-44173] {CVE-2024-38564}
+- Bluetooth: bnep: fix wild-memory-access in proto_unregister (CKI Backport Bot) [RHEL-66365] {CVE-2024-50148}
+- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (CKI Backport Bot) [RHEL-57716 RHEL-36374] {CVE-2024-27399}
+
+* Thu Nov 28 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.17.1.el9_5]
+- arm64: probes: Remove broken LDR (literal) uprobe support (CKI Backport Bot) [RHEL-66046] {CVE-2024-50099}
+- qed: put cond_resched() in qed_dmae_operation_wait() (Michal Schmidt) [RHEL-61705 RHEL-6372]
+- qed: allow the callee of qed_mcp_nvm_read() to sleep (Michal Schmidt) [RHEL-61705 RHEL-6372]
+- qed: put cond_resched() in qed_grc_dump_ctx_data() (Michal Schmidt) [RHEL-61705 RHEL-6372]
+- qed: make 'ethtool -d' 10 times faster (Michal Schmidt) [RHEL-61705 RHEL-6372]
+- qed: allow sleep in qed_mcp_trace_dump() (Michal Schmidt) [RHEL-61705 RHEL-6372]
+- sched/numa: Fix the potential null pointer dereference in task_numa_work() (CKI Backport Bot) [RHEL-66810] {CVE-2024-50223}
+- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66969] {CVE-2024-50192}
+- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66969] {CVE-2024-50192}
+- perf/x86/intel/uncore: Support HBM and CXL PMON counters (Michael Petlan) [RHEL-65856]
+- perf/x86/uncore: Cleanup unused unit structure (Michael Petlan) [RHEL-65856]
+- perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (Michael Petlan) [RHEL-65856]
+- perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (Michael Petlan) [RHEL-65856]
+- perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (Michael Petlan) [RHEL-65856]
+- perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (Michael Petlan) [RHEL-65856]
+- perf/x86/uncore: Support per PMU cpumask (Michael Petlan) [RHEL-65856]
+- perf/x86/uncore: Save the unit control address of all units (Michael Petlan) [RHEL-65856]
+
 * Thu Nov 21 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.16.1.el9_5]
 - s390/dasd: fix error recovery leading to data corruption on ESE devices (Mete Durlu) [RHEL-64902 RHEL-55873]
 - net/smc: fix illegal rmb_desc access in SMC-D connection dump (Steve Best) [RHEL-65436 RHEL-27748] {CVE-2024-26615}