Linux

10784 readers

674 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

Linux Kernel Rust Code Sees Its First CVE Vulnerability (www.phoronix.com)

submitted 1 week ago by cm0002@lemy.lol to c/linux@programming.dev

5 comments fedilink hide all child comments

The first CVE vulnerability has been assigned to a piece of the Linux kernel's Rust code.

Greg Kroah-Hartman announced that the first CVE has been assigned to a piece of Rust code within the mainline Linux kernel.

This first CVE for Rust code in the Linux kernel pertains to the Android Binder rewrite in Rust. There is a race condition that can occur due to some noted unsafe Rust code. That code can lead to memory corruption of the previous/next pointers and in turn cause a crash.

you are viewing a single comment's thread
view the rest of the comments

[–] pivot_root@lemmy.world 20 points 1 week ago* (last edited 1 week ago)

How's the weather up there, on your high horse?

Rust wasn't meant to be the be-all, end-all solution to safety and soundness; it's meant to be better than the alternatives, confining potential memory safety issues to explicitly-annotated unsafe blocks.

But, hey. That's okay. With that kind of gloating attitude, I'm sure your code is 100% safe and vulnerability free, too. Just remind me to never step foot anywhere near an industrial system or operating system using it.