The first CVE vulnerability has been assigned to a piece of the Linux kernel’s Rust code.

Greg Kroah-Hartman announced that the first CVE has been assigned to a piece of Rust code within the mainline Linux kernel.

This first CVE for Rust code in the Linux kernel pertains to the Android Binder rewrite in Rust. There is a race condition that can occur due to some noted unsafe Rust code. That code can lead to memory corruption of the previous/next pointers and in turn cause a crash.

  • Lembot_0006@programming.dev
    325·
    17 hours ago

    race condition … unsafe… memory corruption of the previous/next pointers… crash.

    I expected this for long enough. I am satisfied. Good. I wait for more.

    • pivot_root@lemmy.world
      111·
      7 hours ago

      How’s the weather up there, on your high horse?

      Rust wasn’t meant to be the be-all, end-all solution to safety and soundness; it’s meant to be better than the alternatives, confining potential memory safety issues to explicitly-annotated unsafe blocks.

      But, hey. That’s okay. With that kind of gloating attitude, I’m sure your code is 100% safe and vulnerability free, too. Just remind me to never step foot anywhere near an industrial system or operating system using it.