diff --git a/pkgs/os-specific/linux/kernel/cve-2014-0196.patch b/pkgs/os-specific/linux/kernel/cve-2014-0196.patch
deleted file mode 100644
index 5234bab22075..000000000000
--- a/pkgs/os-specific/linux/kernel/cve-2014-0196.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=4291086b1f081b869c6d79e5b7441633dc3ace00
-
-diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index 41fe8a0..fe9d129 100644
---- a/drivers/tty/n_tty.c
-+++ b/drivers/tty/n_tty.c
-@@ -2353,8 +2353,12 @@ static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
- 			if (tty->ops->flush_chars)
- 				tty->ops->flush_chars(tty);
- 		} else {
-+			struct n_tty_data *ldata = tty->disc_data;
-+
- 			while (nr > 0) {
-+				mutex_lock(&ldata->output_lock);
- 				c = tty->ops->write(tty, b, nr);
-+				mutex_unlock(&ldata->output_lock);
- 				if (c < 0) {
- 					retval = c;
- 					goto break_out;
--- 
-cgit v0.10.1
-
diff --git a/pkgs/os-specific/linux/kernel/linux-3.12.nix b/pkgs/os-specific/linux/kernel/linux-3.12.nix
index 9c10d40fd3ee..6e94f2432c0f 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.12.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.12.nix
@@ -1,16 +1,14 @@
 { stdenv, fetchurl, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.12.19";
+  version = "3.12.20";
   extraMeta.branch = "3.12";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "1f59lyyyc4anaj50dzb9448gz6n9fdrcy2mvd7f193pp6018gdp6";
+    sha256 = "15pjvlqbbyif8s8mcpb7wf20fvbczhfp65mn6fd609j1p79nvqb9";
   };
 
-  kernelPatches = args.kernelPatches ++ [ { name = "cve-2014-0196"; patch = ./cve-2014-0196.patch; } ];
-
   features.iwlwifi = true;
   features.efiBootStub = true;
   features.needsCifsUtils = true;