News: 0001599852


Linux Kernel Rust Code Sees Its First CVE Vulnerability

([Linux Kernel] 4 Hours Ago CVE-2025-68260)


The first CVE vulnerability has been assigned to a piece of the Linux kernel's Rust code.

Greg Kroah-Hartman [1]announced that the first CVE has been assigned to a piece of Rust code within the mainline Linux kernel.

This first CVE for Rust code in the Linux kernel pertains to [2]the Android Binder rewrite in Rust. There is a race condition that can occur due to some noted unsafe Rust code. That code can lead to memory corruption of the previous/next pointers and in turn cause a crash.

This CVE for the possible system crash affects Linux 6.18 and newer, the releases since the introduction of the Rust Binder driver. At least, though, it is only a possible system crash and not a more serious system compromise such as remote code execution or other more severe issues.

More details on CVE-2025-68260 via the [3]Linux CVE mailing list.



[1] https://social.kernel.org/notice/B1JLrtkxEBazCPQHDM

[2] https://www.phoronix.com/news/Rust-Binder-For-Linux-6.18

[3] https://lore.kernel.org/linux-cve-announce/2025121614-CVE-2025-68260-558d@gregkh/T/#u


