Greg K-H
gregkh
That being said, we just assigned our first CVE for some Rust code in the kernel: https://lore.kernel.org/all/2025121614-CVE-2025-68260-558d@gregkh/ where the offending issue just causes a crash, not the ability to take advantage of the memory corruption, a much better thing overall.
Note the other 159 kernel CVEs issued today for fixes in the C portion of the codebase, so as always, everyone should be upgrading to newer kernels to remain secure overall.
3
130
190
Nik | Klampfradler πΈπ²
nik@toot.teckids.org
@gregkh I'm pretty sure now that Torvalds goes all in on vibe coding, Linux will get the bad Rust code it deserves rather sooner than later.
1
0
0
penguin42
penguin42@mastodon.org.uk@gregkh Oh well, it's in an unsafe { } block, so all bets are off!
1
0
0
@penguin42 @gregkh Rust's type system persists into `unsafe` blocks, including e.g. lifetime checks. The remove function itself depends on two lifetime-bound entities and relies on the fact that the references are real to prove certain operations are correct to perform.
The problem is the safety requirement for this function is "leaky", because it includes a requirement about *other* lists. This safety requirement was one chosen by the kernel programmers, though, not Rust.
1
0
0
0
0
0
silmeth πΊπ¦
silmeth@mstdn.social@gregkh Is this vulnerability specific to Rust version of Binder or was/is this also present in the C version?
I remember another vulnerability in Rust Binder Alice Ryhl talked about in this presentation: https://youtu.be/Kt3hpvMZv8o?t=961 β and it turned out it was also present in C except there it was a use-after-free error and not βjustβ a simple logic error.
0
0
0
@nik @gregkh You managed to remove all of the cautious nuances and details he said before stating that vibe coding could allow beginners to get excited and build fun things, without being scared of complexity.
So nope, not "all in on vibe coding" at all, at most he is considering AI as a potential tool for programmers, and vibe coding a way for 8yo to have fun
0
0
0