linuxKernels: ensure hardened kernels remain patched against CVE-2023-32233

2023-05-13 12:51:56 +02:00 · 2023-05-13 12:51:56 +02:00 · 99c8d675d2
commit 99c8d675d2
parent 3743a476a5
1 changed files with 5 additions and 0 deletions
--- a/pkgs/top-level/linux-kernels.nix
+++ b/pkgs/top-level/linux-kernels.nix
@ -54,6 +54,11 @@ let
      };
      kernelPatches = kernel.kernelPatches ++ [
        kernelPatches.hardened.${kernel.meta.branch}
+      ] ++ lib.optionals (lib.versionAtLeast version "5.15") [
+        # Needed as long as hardened kernels are behind the first patch release
+        # containing the fix for CVE-2023-32233. Can most likely be removed after the
+        # next hardened kernel update.
+        kernelPatches.CVE-2023-32233
      ];
      isHardened = true;
  };