diff --git a/Patchlist.changelog b/Patchlist.changelog
index 00475c0e3..cae9726b5 100644
--- a/Patchlist.changelog
+++ b/Patchlist.changelog
@@ -1,3 +1,6 @@
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/f65fe5e93408aed742291b98358a9873317a59ef
+ f65fe5e93408aed742291b98358a9873317a59ef Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
+
 "https://gitlab.com/cki-project/kernel-ark/-/commit"/11fa2c73bc247b4d40c71e3220ead390202a2043
  11fa2c73bc247b4d40c71e3220ead390202a2043 selftests: openvswitch: Add validation for the recursion test
 
diff --git a/kernel.changelog b/kernel.changelog
index 75f1d6612..1377dedb6 100644
--- a/kernel.changelog
+++ b/kernel.changelog
@@ -1,3 +1,9 @@
+* Wed Mar 06 2024 Augusto Caringi <acaringi@redhat.com> [6.7.9-0]
+- Add some CVE fixes for 6.7.9 (Justin M. Forbes)
+- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu)
+- Linux v6.7.9
+Resolves: 
+
 * Sun Mar 03 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.7.8-0]
 - Linux v6.7.8
 Resolves: 
diff --git a/kernel.spec b/kernel.spec
index b15127290..9a5808ca0 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -160,18 +160,18 @@ Summary: The Linux kernel
 #  the --with-release option overrides this setting.)
 %define debugbuildsenabled 1
 # define buildid .local
-%define specrpmversion 6.7.8
-%define specversion 6.7.8
+%define specrpmversion 6.7.9
+%define specversion 6.7.9
 %define patchversion 6.7
 %define pkgrelease 100
 %define kversion 6
-%define tarfile_release 6.7.8
+%define tarfile_release 6.7.9
 # This is needed to do merge window version magic
 %define patchlevel 7
 # This allows pkg_release to have configurable %%{?dist} tag
 %define specrelease 100%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 6.7.8
+%define kabiversion 6.7.9
 
 # If this variable is set to 1, a bpf selftests build failure will cause a
 # fatal kernel package build error
@@ -3847,6 +3847,11 @@ fi\
 #
 #
 %changelog
+* Wed Mar 06 2024 Augusto Caringi <acaringi@redhat.com> [6.7.9-0]
+- Add some CVE fixes for 6.7.9 (Justin M. Forbes)
+- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu)
+- Linux v6.7.9
+
 * Sun Mar 03 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.7.8-0]
 - Linux v6.7.8
 
diff --git a/patch-6.7-redhat.patch b/patch-6.7-redhat.patch
index 08536e108..365623b6a 100644
--- a/patch-6.7-redhat.patch
+++ b/patch-6.7-redhat.patch
@@ -32,6 +32,7 @@
  include/linux/security.h                           |   5 +
  kernel/module/main.c                               |   2 +
  kernel/module/signing.c                            |   9 +-
+ net/bluetooth/rfcomm/core.c                        |   2 +-
  scripts/mod/modpost.c                              |   8 +
  scripts/tags.sh                                    |   2 +
  security/integrity/platform_certs/load_uefi.c      |   6 +-
@@ -41,7 +42,7 @@
  tools/power/cpupower/Makefile                      |   2 +-
  .../selftests/net/openvswitch/openvswitch.sh       |  13 ++
  .../testing/selftests/net/openvswitch/ovs-dpctl.py |  71 +++++++--
- 43 files changed, 770 insertions(+), 194 deletions(-)
+ 44 files changed, 771 insertions(+), 195 deletions(-)
 
 diff --git a/Documentation/admin-guide/laptops/thinkpad-acpi.rst b/Documentation/admin-guide/laptops/thinkpad-acpi.rst
 index 98d304010170..7f674a6cfa8a 100644
@@ -69,7 +70,7 @@ index 98d304010170..7f674a6cfa8a 100644
  
  0x1020	0x1F	unknown
 diff --git a/Makefile b/Makefile
-index 6569f2255d50..a2a34ca1e63b 100644
+index f1a592b7c7bc..27fc5bc7b1bb 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
@@ -1505,6 +1506,19 @@ index a2ff4242e623..f0d2be1ee4f1 100644
  }
  
  int module_sig_check(struct load_info *info, int flags)
+diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
+index 053ef8f25fae..1d34d8497033 100644
+--- a/net/bluetooth/rfcomm/core.c
++++ b/net/bluetooth/rfcomm/core.c
+@@ -1941,7 +1941,7 @@ static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
+ 	/* Get data directly from socket receive queue without copying it. */
+ 	while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
+ 		skb_orphan(skb);
+-		if (!skb_linearize(skb)) {
++		if (!skb_linearize(skb) && sk->sk_state != BT_CLOSED) {
+ 			s = rfcomm_recv_frame(s, skb);
+ 			if (!s)
+ 				break;
 diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
 index f7c4d3fe4381..7fd1ef7930c6 100644
 --- a/scripts/mod/modpost.c
diff --git a/sources b/sources
index 31c69b539..39fbcae49 100644
--- a/sources
+++ b/sources
@@ -1,5 +1,5 @@
 SHA512 (kernel-abi-stablelists-6.5.12.tar.bz2) = ea72bdfb5065f430c0b7076ba49f8fbc1b16f861dc4182f1ee5bc8a809f8f3103d97766e5719354f8163a77235a759a65cc7d4efc66e314dcc658ceda6a77016
 SHA512 (kernel-kabi-dw-6.5.12.tar.bz2) = 7fc7372de576d1f3602abe70483edf30cf635a6d4175261bb44e1b7d4b413bc045b1e2affc0dbe6bf710a7c10b4a5c26c7fd47d8b8e7fe4bee2a25e2fd80b13a
-SHA512 (linux-6.7.8.tar.xz) = c0f2a3101bcd322587d352a8f31bc5b60e32f3ad9f5e4374e07e0c7e1dde9e850f649ade300483f9ff992a47c4d424cbdf4d4f8f6b6f5511770567624a1078f3
-SHA512 (kernel-abi-stablelists-6.7.8.tar.xz) = a9853476dfbbb79b39bab7b8c31232267289961735c9817ca550ff2094799f5eaaa70812b91831828fc291a4a62017bcab26cf672ce145d492cd026a4b69d33e
-SHA512 (kernel-kabi-dw-6.7.8.tar.xz) = 6f120c2f89161dd3cbff60bd35f1c7a0268b8ece4acc25aab157b9b0e1016443844a25c46185c0833dff165bafa4e575953e31a4d03883b5447cccac05a92917
+SHA512 (linux-6.7.9.tar.xz) = a2e400edacb78691868cc061e5a2fcc8649b8703c517da5661ab93defa4f920d0f3a9865c2ab30cbf1af2f78530367bf0df5aae846609feb02602501f23c9694
+SHA512 (kernel-abi-stablelists-6.7.9.tar.xz) = 66991a14d93820aaf50db0f612c8376fcdb7140d2a62624bed11dc32550ae8bf7c4eff6b352220d4aefeda48ced182803a5f4d7c136b1bd88a10de17800b7ac0
+SHA512 (kernel-kabi-dw-6.7.9.tar.xz) = e074222c81a4b1268e46bb37251ed0a3391dec447b1e852ddf5ee3ff3d30d52a9bbc278eb65ec97b95cd3cc0f079b6b67c24d21150b95c675aaf73683e3fac0b