Linux Kernel Rust Code Sees Its First CVE Vulnerability

Original link: https://www.phoronix.com/news/First-Linux-Rust-CVE


The first CVE vulnerability has been assigned to a piece of the Linux kernel's Rust code.

Greg Kroah-Hartman announced that the first CVE has been assigned to a piece of Rust code within the mainline Linux kernel.

This first CVE for Rust code in the Linux kernel pertains to the Android Binder rewrite in Rust. There is a race condition that can occur due to some noted unsafe Rust code. That code can lead to memory corruption of the previous/next pointers and in turn cause a crash.

This CVE, for a possible system crash, applies to Linux 6.18 and newer, since that is where the Rust Binder driver was introduced. At least it is only a possible system crash and not a more serious system compromise such as remote code execution or other more severe issues.

More details on CVE-2025-68260 via the Linux CVE mailing list.
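
The class of failure described above, as an added example that is not from the article or from the Binder driver: a doubly linked list whose unlink is a read step followed by a write step, run once with two unlinks interleaved and once with each unlink serialised as it would be under a lock. The index-based list, the two-step unlink and the chosen interleaving are assumptions made so the previous/next corruption can be observed in safe Rust instead of crashing.

```rust
// Simplified model, constructed for illustration (not the Binder driver's code):
// links are indices into two arrays rather than raw pointers.
struct List { prev: Vec<Option<usize>>, next: Vec<Option<usize>> }
type Snapshot = (Option<usize>, Option<usize>);

impl List {
    // Builds 0 <-> 1 <-> ... <-> n-1.
    fn new(n: usize) -> Self {
        List {
            prev: (0..n).map(|i| i.checked_sub(1)).collect(),
            next: (0..n).map(|i| if i + 1 < n { Some(i + 1) } else { None }).collect(),
        }
    }
    // Step 1 of an unlink: snapshot the node's neighbours.
    fn read(&self, node: usize) -> Snapshot { (self.prev[node], self.next[node]) }
    // Step 2 of an unlink: make the snapshotted neighbours point at each other.
    fn write(&mut self, (p, n): Snapshot) {
        if let Some(p) = p { self.next[p] = n; }
        if let Some(n) = n { self.prev[n] = p; }
    }
}

// Follows one link array from `start` until it reaches the end of the list.
fn walk(links: &[Option<usize>], start: usize) -> Vec<usize> {
    let (mut out, mut cur) = (vec![start], links[start]);
    while let Some(i) = cur { out.push(i); cur = links[i]; }
    out
}

// No lock: both threads snapshot before either writes.
fn racy() -> List {
    let mut l = List::new(4);
    let a = l.read(1); // thread A begins unlinking node 1
    let b = l.read(2); // thread B begins unlinking node 2, still sees node 1 as prev
    l.write(a);
    l.write(b);        // B's stale snapshot links node 3 back to removed node 1
    l
}

// Lock held: each read+write pair is one critical section.
fn locked() -> List {
    let mut l = List::new(4);
    let a = l.read(1); l.write(a);
    let b = l.read(2); l.write(b);
    l
}

fn main() {
    let (r, k) = (racy(), locked());
    println!("racy   fwd {:?} back {:?}", walk(&r.next, 0), walk(&r.prev, 3));
    println!("locked fwd {:?} back {:?}", walk(&k.next, 0), walk(&k.prev, 3));
}
```

In the unlocked run both removed nodes stay reachable, one in each direction; with real pointers those nodes may already be freed, so a later traversal or unlink touches invalid memory.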
