Commit 9e63ce682af0

Vincent Demeester <vincent@sbr.pm>
2026-02-24 09:53:27
fix(okinawa): disable mem alloc profiling
Worked around CVE-2025-37774 which caused kernel NULL pointer dereferences in __alloc_tagging_slab_alloc_hook, leading to full system freezes.
1 parent 6d262a8
Changed files (1)
systems/okinawa/boot.nix
@@ -38,6 +38,11 @@
     kernelParams = [
       # Optional: Deep sleep if you do use suspend occasionally
       # "mem_sleep_default=deep"
+
+      # Disable memory allocation profiling to work around kernel slab
+      # allocator crashes in __alloc_tagging_slab_alloc_hook (CVE-2025-37774)
+      # https://www.cve.org/CVERecord?id=CVE-2025-37774
+      "sysctl.vm.mem_profiling=0"
     ];
 
     # Blacklist unnecessary wireless modules
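Review bot: The added `"sysctl.vm.mem_profiling=0"` only turns profiling off at boot, so as far as the kernel's allocation-profiling documentation describes it, the `vm.mem_profiling` sysctl can still be set back to 1 at runtime and the tagging hook would then be active again. If the intent is to keep `__alloc_tagging_slab_alloc_hook` out of the allocation path for as long as the affected kernel is in use, `"sysctl.vm.mem_profiling=never"` looks like the stronger setting, since it is documented as not re-enableable after boot; this should be confirmed against the kernel version running on okinawa. The comment would also benefit from a removal condition, for example `# Remove once the kernel in use carries the upstream fix (<FIXED_KERNEL_VERSION>)`, so the workaround does not outlive the bug. The `kernelParams` list sits in an attribute set that starts and ends outside this hunk.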