diff --git a/pkgs/tools/filesystems/e2fsprogs/default.nix b/pkgs/tools/filesystems/e2fsprogs/default.nix
index d4c4738be75..7273d805a32 100644
--- a/pkgs/tools/filesystems/e2fsprogs/default.nix
+++ b/pkgs/tools/filesystems/e2fsprogs/default.nix
@@ -23,15 +23,20 @@ stdenv.mkDerivation rec {
     ++ lib.optionals stdenv.isLinux [ fuse ];
 
   # Only use glibc's __GNUC_PREREQ(X,Y) (checks if compiler is gcc version >= X.Y) when using glibc
-  patches = if stdenv.hostPlatform.libc == "glibc" then null
-    else [
-      (fetchpatch {
+  patches = [
+    (fetchpatch {
+      name = "CVE-2022-1304.patch";
+      url = "https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/patch/?id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76";
+      sha256 = "sha256-YEEow34/81NBOc6F6FS6i505FCQ7GHeIz0a0qWNs7Fg=";
+    })
+  ] ++ lib.optionals (stdenv.hostPlatform.libc == "glibc") [
+    (fetchpatch {
       url = "https://raw.githubusercontent.com/void-linux/void-packages/9583597eb3e6e6b33f61dbc615d511ce030bc443/srcpkgs/e2fsprogs/patches/fix-glibcism.patch";
       sha256 = "1gfcsr0i3q8q2f0lqza8na0iy4l4p3cbii51ds6zmj0y4hz2dwhb";
       excludes = [ "lib/ext2fs/hashmap.h" ];
       extraPrefix = "";
-      })
-    ];
+    })
+  ];
 
   postPatch = ''
     # Remove six failing tests