From 21b53744cda1b621d1b690fc626aa8328962c904 Mon Sep 17 00:00:00 2001
From: sid <sid@sid.ovh>
Date: Sat, 2 May 2026 23:09:45 +0200
Subject: [PATCH] fix CVE-2026-31431

---
 modules/nixos/common/boot.nix    | 8 ++++++++
 modules/nixos/common/default.nix | 1 +
 2 files changed, 9 insertions(+)
 create mode 100644 modules/nixos/common/boot.nix

diff --git a/modules/nixos/common/boot.nix b/modules/nixos/common/boot.nix
new file mode 100644
index 0000000..c1859bd
--- /dev/null
+++ b/modules/nixos/common/boot.nix
@@ -0,0 +1,8 @@
+{ lib, pkgs, ... }:
+
+{
+  # fix CVE-2026-31431
+  boot.kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "6.18.22") (
+    lib.mkDefault pkgs.linuxPackages_6_18
+  );
+}
diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix
index 9847a07..bea1546 100644
--- a/modules/nixos/common/default.nix
+++ b/modules/nixos/common/default.nix
@@ -1,5 +1,6 @@
 {
   imports = [
+    ./boot.nix
     ./environment.nix
     ./htop.nix
     ./nationalization.nix
-- 
2.51.2