diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg
index 47fd62f..530c810 100644
--- a/etc/default/grub.d/40_kernel_hardening.cfg
+++ b/etc/default/grub.d/40_kernel_hardening.cfg
@@ -8,18 +8,18 @@ kver="$(uname -r)"
 ## Sometimes a slab can be used in a vulnerable way which an attacker can exploit.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge"
-## Enables sanity checks (F) and redzoning (Z).
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZ"
-
-## Zero memory at allocation and free time.
 if dpkg --compare-versions "$kver" ge "5.3"; then
+ ## Enables sanity checks (F) and redzoning (Z).
+ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZ"
+ #echo "## $kver grater or equal 5.3: yes"
+ ## Zero memory at allocation and free time.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX init_on_alloc=1 init_on_free=1"
 else
 #echo "## $kver grater or equal 5.3: no"
 ## SLUB poisoning and page poisoning is used if the kernel
 ## does not yet support init_on_{,alloc,free}.
- GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=P"
+ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZP"
 if command -v "qubesdb-read" >/dev/null 2>&1 ; then
 ## https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012