Linux Kernel Rust Code Sees Its First CVE Vulnerability

I think the other takeaway here is that it was found in a section marked "unsafe". At the very least, that's a useful tool for the Devs to isolate potential problem areas. Comparing that to a pure C codebase where the problem could be anywhere.

Boone? There are plenty of fan boys out there that are selling rust like AI, or in other words snake oil.

Rust obviously has built in securities that C doesn't have, but a shitty coder is a shitty coder and bad QC is bad QC. Now we're seeing the reality of the consequences.

Rust and/or other memory safe(r) languages are like the future, but hopefully more people are now seeing the cracks. Just look at cloudflare for a prime example.

You're so right! The Linux kernel should be re-written as a Deno executable

Back luck Brian kernel developer.

almost as if using a memory safe language actually reduces the CVEs related to memory

Because Rust lets you choose when something is unsafe vs writing all unsafe in code all the time:

Note the other 159 kernel CVEs issued today for fixes in the C portion of the codebase

it's not like the whole driver is written in unsafe rust

Mostly to attract new, younger kernel maintainers.

unsafe is usually used only when you need to interact with something else like low level or ffi

Because Rust is the popular thing in FOSS/Linux at the moment.