- cross-posted to:
- technology@lemmy.world
- hackernews
- cross-posted to:
- technology@lemmy.world
- hackernews
The first CVE vulnerability has been assigned to a piece of the Linux kernel’s Rust code.
Greg Kroah-Hartman announced that the first CVE has been assigned to a piece of Rust code within the mainline Linux kernel.
This first CVE for Rust code in the Linux kernel pertains to the Android Binder rewrite in Rust. There is a race condition that can occur due to some noted unsafe Rust code. That code can lead to memory corruption of the previous/next pointers and in turn cause a crash.
How’s the weather up there, on your high horse?
Rust wasn’t meant to be the be-all, end-all solution to safety and soundness; it’s meant to be better than the alternatives, confining potential memory safety issues to explicitly-annotated
unsafeblocks.But, hey. That’s okay. With that kind of gloating attitude, I’m sure your code is 100% safe and vulnerability free, too. Just remind me to never step foot anywhere near an industrial system or operating system using it.