The first CVE vulnerability has been assigned to a piece of the Linux kernel's Rust code. Greg Kroah-Hartman announced that the first CVE has been assigned to a piece of Rust code within the mainline Linux kernel. This first CVE for Rust code in the Linux kernel pertains to the Android Binder rewrite in Rust. There is a race condition that can occur due to some noted unsafe Rust code. That code can lead to memory corruption of the previous/next pointers and in turn cause a crash. This CVE for the possible system crash is for Linux 6.18 and newer since the introduction of the Rust Binder driver. At least though it's just a possible system crash and not any more serious system compromise with remote code execution or other more severe issues. More details on CVE-2025-68260 via the Linux CVE mailing list.
First seen: 2025-12-17 18:08
Last seen: 2025-12-17 19:08