Linux Kernel Rust Code Sees Its First CVE Vulnerability

DRANK

The first CVE vulnerability has been assigned to a piece of the Linux kernel's Rust code.Greg Kroah-Hartmanannouncedthat the first CVE has been assigned to a piece of Rust code within the mainline Linux kernel.This first CVE for Rust code in the Linux kernel pertains tothe Android Binder rewrite in Rust. There is a race condition that can occur due to some noted unsafe Rust code. That code can lead to memory corruption of the previous/next pointers and in turn cause a crash.This CVE for the possible system crash is for Linux 6.18 and newer since the introduction of the Rust Binder driver. At least though it's just a possible system crash and not any more serious system compromise with remote code execution or other more severe issues.More details on CVE-2025-68260 via theLinux CVE mailing list.