Skip Navigation

Linux @programming.dev

cm0002 @lemy.lol

5d ago

Linux Kernel Rust Code Sees Its First CVE Vulnerability

www.phoronix.com Linux Kernel Rust Code Sees Its First CVE Vulnerability

Linux Kernel Rust Code Sees Its First CVE Vulnerability

The first CVE vulnerability has been assigned to a piece of the Linux kernel's Rust code.
Greg Kroah-Hartman announced that the first CVE has been assigned to a piece of Rust code within the mainline Linux kernel.
This first CVE for Rust code in the Linux kernel pertains to the Android Binder rewrite in Rust. There is a race condition that can occur due to some noted unsafe Rust code. That code can lead to memory corruption of the previous/next pointers and in turn cause a crash.

Technology @lemmy.world

Linux Kernel Rust Code Sees Its First CVE Vulnerability

www.phoronix.com /news/First-Linux-Rust-CVE

Linux Kernel Rust Code Sees Its First CVE Vulnerability

184 49

Technology @lemmy.zip

Linux Kernel Rust Code Sees Its First CVE Vulnerability

www.phoronix.com /news/First-Linux-Rust-CVE

Linux Kernel Rust Code Sees Its First CVE Vulnerability

28 2

Hacker News @lemmy.bestiver.se

Linux Kernel Rust Code Sees Its First CVE Vulnerability

www.phoronix.com /news/First-Linux-Rust-CVE

Linux Kernel Rust Code Sees Its First CVE Vulnerability

10 0

4 comments

race condition ... unsafe... memory corruption of the previous/next pointers... crash.
I expected this for long enough. I am satisfied. Good. I wait for more.
- How's the weather up there, on your high horse?
  Rust wasn't meant to be the be-all, end-all solution to safety and soundness; it's meant to be better than the alternatives, confining potential memory safety issues to explicitly-annotated unsafe blocks.
  But, hey. That's okay. With that kind of gloating attitude, I'm sure your code is 100% safe and vulnerability free, too. Just remind me to never step foot anywhere near an industrial system or operating system using it.
- small
- Rust cannot help you if you disable the safety features, go figure.