GSA-6305-1: Linux Kernel Security Update Released for Gnoppix 23/25
Gnoppix Security issued an urgent update for the Linux kernel on March 5, 2026. This patch addresses a critical vulnerability that could allow local attackers to escalate privileges or cause a denial of service.
The Vulnerability
The flaw resides in the kernel’s IPv4 networking stack. A buffer overflow condition was discovered in the TCP connection handling code.
An unprivileged user can exploit this by sending specially crafted network packets. Successful exploitation could result in a system crash or arbitrary code execution with kernel privileges.
Affected Versions
- Gnoppix 23/25 (bookworm): All kernel images prior to the patched version.
- Gnoppix 25 (trixie): All kernel images prior to the patched version.
Immediate Action Required
System administrators must reboot their systems after applying this update. The fix only takes effect after a full system restart.
Remediation
The fix is included in kernel packages version 6.1.129-1 for Gnoppix 23/25. For Gnoppix 25, the patched version is 6.12.17-1. Apply updates using the standard package manager. - Please update your systems.