lenn/nixos-hardware
1
0
Fork 0
mirror of https://github.com/NixOS/nixos-hardware.git synced 2025-11-04 17:27:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove insecure broadcom-sta driver from hardware profiles

Browse Source 
The broadcom-sta driver package is marked as insecure due to CVE-2019-9501
and CVE-2019-9502 (heap buffer overflow vulnerabilities allowing remote code
execution). The driver is also unmaintained and incompatible with modern
Linux kernel security mitigations.

Removed broadcom_sta from extraModulePackages and the corresponding "wl" kernel module.

This resolves test failures where Nixpkgs refuses to evaluate configurations
containing this insecure package.
This commit is contained in:
Jörg Thalheim
2025-10-30 13:03:59 +01:00
parent e214e292a6
commit b09586b101
5 changed files with 0 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apple/macbook-pro/11-1/default.nix
View File

@@ -6,9 +6,5 @@
../../../common/cpu/intel/haswell
];
# broadcom-wl
hardware.enableRedistributableFirmware = lib.mkDefault true;
# nixos-generate-config doesn't detect this automatically.
boot.extraModulePackages = with config.boot.kernelPackages; [ broadcom_sta ];
boot.kernelModules = [ "wl" ];
}