Merge pull request #231352 from lovesegfault/kernel-updates

linuxKernel.kernels: update

1 files changed, 5 insertions, 4 deletions

diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix
index ddf588b5a277d..077f6ecb023a5 100644
--- a/pkgs/top-level/linux-kernels.nix
+++ b/pkgs/top-level/linux-kernels.nix
@@ -54,6 +54,11 @@ let
       };
       kernelPatches = kernel.kernelPatches ++ [
         kernelPatches.hardened.${kernel.meta.branch}
+      ] ++ lib.optionals (lib.versionAtLeast version "5.15") [
+        # Needed as long as hardened kernels are behind the first patch release
+        # containing the fix for CVE-2023-32233. Can most likely be removed after the
+        # next hardened kernel update.
+        kernelPatches.CVE-2023-32233
       ];
       isHardened = true;
   };
@@ -158,7 +163,6 @@ in {
         kernelPatches.bridge_stp_helper
         kernelPatches.request_key_helper
         kernelPatches.fix-em-ice-bonding
-        kernelPatches.CVE-2023-32233
       ];
     };
 
@@ -175,7 +179,6 @@ in {
         kernelPatches.bridge_stp_helper
         kernelPatches.request_key_helper
         kernelPatches.fix-em-ice-bonding
-        kernelPatches.CVE-2023-32233
       ];
     };
 
@@ -194,7 +197,6 @@ in {
         kernelPatches.bridge_stp_helper
         kernelPatches.request_key_helper
         kernelPatches.fix-em-ice-bonding
-        kernelPatches.CVE-2023-32233
       ];
     };
 
@@ -203,7 +205,6 @@ in {
         kernelPatches.bridge_stp_helper
         kernelPatches.request_key_helper
         kernelPatches.fix-em-ice-bonding
-        kernelPatches.CVE-2023-32233
       ];
     };