Kernel updates 2026-05-08 #517962

Merged: zowoq merged 4 commits into NixOS:staging-nixos from leona-ya:push-rlototuyrtto on May 8, 2026

leona-ya (Member) commented May 8, 2026

xfrm: esp: avoid in-place decrypt on shared skb frags

fixes one of the dirtyfrag vulnerabilities (xfrm-ESP, CVE-2026-4328) for 6.6 and newer.

The other one (RxRPC, CVE-2026-43500) currently has no fix.

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

leona-ya added labels on May 8, 2026:

  • 1.severity: security (Issues which raise a security issue, or PRs that fix one)
  • backport release-25.11 (Backport PR automatically)

nixpkgs-ci Bot added labels on May 8, 2026:

  • 8.has: package (update) (This PR updates a package to a newer version)
  • 10.rebuild-linux: 501+ (This PR causes many rebuilds on Linux and should normally target the staging branches.)
  • 10.rebuild-darwin: 1-10 (This PR causes between 1 and 10 packages to rebuild on Darwin.)
  • 10.rebuild-linux: 501-1000 (This PR causes many rebuilds on Linux and should normally target the staging branches.)
  • 10.rebuild-nixos-tests (This PR causes rebuilds for all NixOS tests and should normally target the staging branches.)
  • 6.topic: kernel (The Linux kernel)

leona-ya (Member, Author) commented May 8, 2026

I successfully built linux_7_0, linux_6_18, linux_6_12, linux_6_6 on x86_64-linux including their .passthru.tests

leona-ya marked this pull request as ready for review May 8, 2026 08:15
nixpkgs-ci Bot requested a review from a team May 8, 2026 08:18
zowoq added this pull request to the merge queue May 8, 2026
Merged via the queue into NixOS:staging-nixos with commit 7a0782f May 8, 2026
40 checks passed
nixpkgs-ci Bot (Contributor) commented May 8, 2026

Successfully created backport PR for release-25.11:

github-actions Bot added the label 8.has: port to stable (This PR already has a backport to the stable release.) May 8, 2026
leona-ya deleted the push-rlototuyrtto branch May 8, 2026 09:17
zowoq (Contributor) commented May 8, 2026

> fixes one of the dirtyfrag vulnerabilities (xfrm-ESP, CVE-2026-4328) for 6.6 and newer.

6.1 and older in #518045.
