From 99c8d675d2986be0fa262c01b3b6374dcad9da1e Mon Sep 17 00:00:00 2001
From: Maximilian Bosch
Date: Sat, 13 May 2023 12:51:56 +0200
Subject: [PATCH] linuxKernels: ensure hardened kernels remain patched against CVE-2023-32233
---
 pkgs/top-level/linux-kernels.nix | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix
index 22181e59b91e..077f6ecb023a 100644
--- a/pkgs/top-level/linux-kernels.nix
+++ b/pkgs/top-level/linux-kernels.nix
@@ -54,6 +54,11 @@ let
 };
 kernelPatches = kernel.kernelPatches ++ [
 kernelPatches.hardened.${kernel.meta.branch}
+ ] ++ lib.optionals (lib.versionAtLeast version "5.15") [
+ # Needed as long as hardened kernels are behind the first patch release
+ # containing the fix for CVE-2023-32233. Can most likely be removed after the
+ # next hardened kernel update.
+ kernelPatches.CVE-2023-32233
 ];
 isHardened = true;
 };
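Review bot: The `lib.versionAtLeast version "5.15"` guard on the added `lib.optionals` sets only a lower bound, and the comment does not say why hardened branches older than 5.15 are left out. They may be unaffected by CVE-2023-32233, or the patch may simply not apply there; in the second case those kernels stay unpatched despite the commit title. I would record the reason in the comment, e.g. `# Branches < 5.15: <unaffected | backport pending> — confirm against the upstream fix`. Removal also depends on someone remembering it after the next hardened bump, so a condition keyed on each branch's first fixed release (e.g. `lib.versionOlder version "<FIRST_FIXED_RELEASE>"`, placeholder) would let the entry drop out on its own. `version` and the enclosing `let` are defined outside the hunk, so I am assuming it is the hardened kernel's version rather than the base kernel's.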