20 lines
451 B
Nix
20 lines
451 B
Nix
{ lib, pkgs, ... }:
|
|
|
|
{
|
|
# fix CVE-2026-31431
|
|
boot.kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "6.18.22") (
|
|
lib.mkDefault pkgs.linuxPackages_6_18
|
|
);
|
|
|
|
# fix CVE-2026-43500
|
|
boot.extraModprobeConfig = ''
|
|
install esp4 ${pkgs.coreutils}/bin/false
|
|
install esp6 ${pkgs.coreutils}/bin/false
|
|
install rxrpc ${pkgs.coreutils}/bin/false
|
|
'';
|
|
boot.blacklistedKernelModules = [
|
|
"esp4"
|
|
"esp6"
|
|
"rxrpc"
|
|
];
|
|
}
|