Security Vulnerability Found in Rust Linux Kernel Code

Posted16 days agoActive9 days ago

lelanthran

21 points

7 comments

git.kernel.orgSecuritystory

informativeneutral

Debate

20/100

LinuxRustCode Vulnerabilities

Key topics

Linux

Rust

Code Vulnerabilities

Discussion Activity

Active discussion

First comment

51m

Peak period

0-12h

Avg / period

6.7

Key moments

01Story posted
Dec 18, 2025 at 1:33 AM EST
16 days ago
Step 01
02First comment
Dec 18, 2025 at 2:25 AM EST
51m after posting
Step 02
03Peak activity
18 comments in 0-12h
Hottest window of the conversation
Step 03
04Latest activity
Dec 25, 2025 at 11:00 AM EST
9 days ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (7 comments)

Showing 20 comments

pityJuke

16 days ago

2 replies

Within the Android drivers, right?

jeroenhd

16 days ago

1 reply

Technically, binder is still part of Linux, even if it's not enabled by default in many cases.

This "security vulnerability" is just a local DoS though. Annoying and problematic as it effectively bypasses controls over power on/off behaviour, but as far as I can tell from this report, no memory is leaked and no code execution can be achieved.

yourdetect

16 days ago

It's UB, it is not memory safe, so in theory, and often also in practice with this specific kind of bug, absolutely anything could happen, including code execution.

Greg Kroah-Hartman's comment is both wrong and perplexing.

uhfraid

16 days ago

yes

dizhn

16 days ago

1 reply

The URL this points to does not say anything about security. There's an example of a race condition causing memory corruption and a crash.

LukeShu

16 days ago

While it doesn't add much more info: https://lore.kernel.org/linux-cve-announce/2025121614-CVE-20...

thesz

16 days ago

1 reply

The mistake there is a classical example of why (software) transactional memory is valuable. Double linked lists are trivial in single core execution, need PhD level understanding of everything in multicore execution and become trivial again in multicore execution with (S)TM.

Rust has troubles with STM because it lacks anything resembling effect system. Most probably, this will not be fixed.

dlahoda

16 days ago

1 reply

may you share links to read or vote to understand better and push for?

thesz

9 days ago

https://timharris.uk/papers/2005-ppopp-composable.pdf - Composable Memory Transactions.

Page 13 discuss why imperative approach like Rust's may fail in delivering transactional memory and why arbitrary-side-effect-free transactions in Haskell are, in fact, very composable due to effects separation inside STM and IO monads.

arowthway

16 days ago

4 replies

I hate this bot-detection anime girl popping up on my monitor while I pretend to be working. Same goes for the funny pictures at the beginning of some Github readmes. Sorry for complaining about a tangential annoyance, but I haven't seen this particular sentiment expressed yet.

udjdndndjdjr

16 days ago

2 replies

I had an idea!

Instead of using this to do some proof of work, why not just get the bot detector to mine bitcoin or something...

I mean it is just as useless... And at least the website gets some money back from the raw extraction of data now happening...

Edit: speeeeeling

udjdndndjdjr

16 days ago

Also this is a joke

dlahoda

16 days ago

this was the plan, this was the plan. just wait little bit it get spread more.

sebtron

16 days ago

Normally I don't mind, but on this page it took at least 15 seconds for me.

megnu

16 days ago

I use a uBlock Origin filter to block the anime girl from loading:

  ! Title: Hide Anubis Image
  */.within.website/x/cmd/anubis/static/img/*.webp$image

jraph

16 days ago

It is expressed very often.

jsiepkes

16 days ago

2 replies

I don't get why this is noteworthy? It's literally a piece of code in a Rust "unsafe" block. If you put something in an "unsafe" block the compiler isn't going to help you, you are on your own. That's why it's called "unsafe".

jvuygbbkuurx

16 days ago

I suppose you have a suggestion what is the proper action instead of crashing when the invariant is broken?

aw1621107

15 days ago

> Now what is kinda interesting is that instead of getting rid of the "unsafe" block the developers put in some extra check. I guess you can take the developer out of C but you can't take the C out of the developer?

The patch devs said that they're interested in larger-scale changes to get rid of the need for `unsafe` in this kind of situation, but since that'll take time it's more important to just fix the bug for now.

[0]: https://lore.kernel.org/all/20251111-binder-fix-list-remove-...

aw1621107

16 days ago

Effectively a dupe of this thread from ~14 hours ago: https://news.ycombinator.com/item?id=46302621 (130 comments as of this comment)

View full discussion on Hacker News

ID: 46309536Type: storyLast synced: 12/18/2025, 8:55:28 AM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN