Unverified Commit 99c8d675 authored by Maximilian Bosch's avatar Maximilian Bosch

linuxKernels: ensure hardened kernels remain patched against CVE-2023-32233

parent 3743a476
+5 −0
@@ -54,6 +54,11 @@ let
      };
      kernelPatches = kernel.kernelPatches ++ [
        kernelPatches.hardened.${kernel.meta.branch}
      ] ++ lib.optionals (lib.versionAtLeast version "5.15") [
        # Needed as long as hardened kernels are behind the first patch release
        # containing the fix for CVE-2023-32233. Can most likely be removed after the
        # next hardened kernel update.
        kernelPatches.CVE-2023-32233
      ];
      isHardened = true;
  };
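Review bot: The `lib.versionAtLeast version "5.15"` guard leaves hardened kernels below 5.15 without `kernelPatches.CVE-2023-32233`, and the comment above the entry does not say whether those branches are unaffected or the patch simply does not apply to them. Since the commit title promises that hardened kernels remain patched, I would record that in the comment, e.g. `# Branches < 5.15: <unaffected | need a separate backport> (confirm)`. The condition also has no upper bound, so removing it depends on someone remembering to; presumably the build breaks once the hardened base already carries the fix, but a per-branch bound such as `lib.versionOlder version "<first fixed release>"` would let the entry expire on its own. `version` is bound outside this hunk, so whether it is the upstream or the hardened patchset version cannot be checked from here.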