janezicmatej/matej.nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

temp: dirty-frag (CVE-2026-43284, CVE-2026-43500)

Browse Source
This commit is contained in:
Matej Janezic
2026-05-09 23:22:35 +02:00
parent 4a59f6b57c
commit fae6b25137
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/mkHost.nix
View File

@@ -87,6 +87,11 @@ nixpkgs.lib.nixosSystem {
{ nixpkgs.config.allowUnfree = true; } { nixpkgs.config.allowUnfree = true; }
{ networking.hostName = name; } { networking.hostName = name; }
# TEMP:(@janezicmatej) temporary mitigation for dirty frag
# blocks esp4/esp6 (CVE-2026-43284) and rxrpc (CVE-2026-43500)
# remove once nixpkgs ships a kernel with f4c50a4034e6 and the rxrpc fix
{ boot.blacklistedKernelModules = [ "esp4" "esp6" "rxrpc" ]; }
featureEnableModule featureEnableModule
hostConfig hostConfig
] ]