lenn/nixos-hardware
1
0
Fork 0
mirror of https://github.com/NixOS/nixos-hardware.git synced 2025-11-04 09:17:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove insecure broadcom-sta driver from hardware profiles

Browse Source 
The broadcom-sta driver package is marked as insecure due to CVE-2019-9501
and CVE-2019-9502 (heap buffer overflow vulnerabilities allowing remote code
execution). The driver is also unmaintained and incompatible with modern
Linux kernel security mitigations.

Removed broadcom_sta from extraModulePackages and the corresponding "wl" kernel module.

This resolves test failures where Nixpkgs refuses to evaluate configurations
containing this insecure package.
This commit is contained in:
Jörg Thalheim
2025-10-30 13:03:59 +01:00
parent e214e292a6
commit b09586b101
5 changed files with 0 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
dell/inspiron/3442/default.nix
View File

@@ -12,10 +12,4 @@
fwupd.enable = lib.mkDefault true;
thermald.enable = lib.mkDefault true;
};
boot = {
# needs to be explicitly loaded or else bluetooth/wifi won't work.
kernelModules = [ "wl" ];
extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
};
}