nixos-hardware/default.nix at 43ffe9ac82567512abb83187cb673de1091bdfa8 - nixos-hardware - Gitlenn: Git for lenn

lenn/nixos-hardware

mirror of https://github.com/NixOS/nixos-hardware.git synced 2025-11-04 17:27:14 +08:00

Files

Jörg Thalheim b09586b101 Remove insecure broadcom-sta driver from hardware profiles

The broadcom-sta driver package is marked as insecure due to CVE-2019-9501
and CVE-2019-9502 (heap buffer overflow vulnerabilities allowing remote code
execution). The driver is also unmaintained and incompatible with modern
Linux kernel security mitigations.

Removed broadcom_sta from extraModulePackages and the corresponding "wl" kernel module.

This resolves test failures where Nixpkgs refuses to evaluate configurations
containing this insecure package.

2025-10-30 13:04:01 +01:00

21 lines

299 B

Nix

Raw Blame History

 { config, lib, ... }:
 {
   imports = [
     ../../../common/cpu/intel
     ../../../common/pc/laptop
     ../../../common/pc/ssd
   ];
   services = {
     fwupd.enable = lib.mkDefault true;
     thermald.enable = lib.mkDefault true;
   };
   boot = {
     kernelModules = [
       "kvm-intel"
     ];
   };
 }