Security vulnerability found in Rust Linux kernel code

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3e0ae02ba831da2b707905f4e602e43f8507b8cc
25•lelanthran•3h ago

Comments

pityJuke•2h ago
Within the Android drivers, right?

uhfraid•2h ago
yes

jeroenhd•2h ago
Technically, binder is still part of Linux, even if it's not enabled by default in many cases.

This "security vulnerability" is just a local DoS though. Annoying and problematic as it effectively bypasses controls over power on/off behaviour, but as far as I can tell from this report, no memory is leaked and no code execution can be achieved.

yourdetect•1h ago
It's UB, it is not memory safe, so in theory, and often also in practice with this specific kind of bug, absolutely anything could happen, including code execution.

Greg Kroah-Hartman's comment is both wrong and perplexing.

dizhn•2h ago
The URL this points to does not say anything about security. There's an example of a race condition causing memory corruption and a crash.

LukeShu•1h ago
While it doesn't add much more info: https://lore.kernel.org/linux-cve-announce/2025121614-CVE-20...

aw1621107•2h ago
Effectively a dupe of this thread from ~14 hours ago: https://news.ycombinator.com/item?id=46302621 (130 comments as of this comment)

thesz•1h ago
The mistake there is a classical example of why (software) transactional memory is valuable. Double linked lists are trivial in single core execution, need PhD level understanding of everything in multicore execution and become trivial again in multicore execution with (S)TM.

Rust has trouble with STM because it lacks anything resembling an effect system. Most probably, this will not be fixed.

arowthway•21m ago
I hate this bot-detection anime girl popping up on my monitor while I pretend to be working. Same goes for the funny pictures at the beginning of some Github readmes. Sorry for complaining about a tangential annoyance, but I haven't seen this particular sentiment expressed yet.

udjdndndjdjr•11m ago
I had an idea!

Instead of using this to do some proof of work, why not just get the bot detector to mine bitcoin or something...

I mean it is just as useless... And at least the website gets some money back from the raw extraction of data now happening...

Edit: speeeeeling

udjdndndjdjr•11m ago
Also this is a joke

sebtron•1m ago
Normally I don't mind, but on this page it took at least 15 seconds for me.

RCE via ND6 Router Advertisements in FreeBSD

https://www.freebsd.org/security/advisories/FreeBSD-SA-25:12.rtsold.asc
29•weeha•2h ago•17 comments

What is an elliptic curve? (2019)

https://www.johndcook.com/blog/2019/02/21/what-is-an-elliptic-curve/
69•tzury•3h ago•5 comments

GitHub Actions for Self-Hosted Runners Price Increase Postponed

https://pricetimeline.com/news/189
26•taubek•1h ago•14 comments

Egyptian Hieroglyphs: Lesson 1

https://www.egyptianhieroglyphs.net/egyptian-hieroglyphs/lesson-1/
52•jameslk•4h ago•10 comments

Gemini 3 Flash: Frontier intelligence built for speed

https://blog.google/products/gemini/gemini-3-flash/
968•meetpateltech•17h ago•520 comments

Coursera to combine with Udemy

https://investor.coursera.com/news/news-details/2025/Coursera-to-Combine-with-Udemy-to-Empower-th...
515•throwaway019254•21h ago•309 comments

I got hacked: My Hetzner server started mining Monero

https://blog.jakesaunders.dev/my-server-started-mining-monero-this-morning/
390•jakelsaunders94•13h ago•263 comments

Working quickly is more important than it seems (2015)

https://jsomers.net/blog/speed-matters
162•bschne•3d ago•91 comments

Jonathan Blow has spent the past decade designing 1,400 puzzles for you

https://arstechnica.com/gaming/2025/12/jonathan-blow-has-spent-the-past-decade-designing-1400-puz...
13•furcyd•6d ago•1 comments

Gut bacteria from amphibians and reptiles achieve tumor elimination in mice

https://www.jaist.ac.jp/english/whatsnew/press/2025/12/17-1.html
399•Xunxi•11h ago•92 comments

Don MacKinnon: Why Simplicity Beats Cleverness in Software Design [audio]

https://maintainable.fm/episodes/don-mackinnon-why-simplicity-beats-cleverness-in-software-design
42•mooreds•2d ago•9 comments

Ask HN: Those making $500/month on side projects in 2025 – Show and tell

234•cvbox•8h ago•195 comments

Judge hints Vizio TV buyers may have rights to source code licensed under GPL

https://www.theregister.com/2025/12/05/vizio_gpl_source_code_ruling/
90•pabs3•5h ago•5 comments

AWS CEO says replacing junior devs with AI is 'one of the dumbest ideas'

https://www.finalroundai.com/blog/aws-ceo-ai-cannot-replace-junior-developers
920•birdculture•17h ago•475 comments

Building a High-Performance OpenAPI Parser in Go

https://www.speakeasy.com/blog/building-speakeasy-openapi-go-library
8•subomi•3d ago•1 comments

Developers can now submit apps to ChatGPT

https://openai.com/index/developers-can-now-submit-apps-to-chatgpt/
142•tananaev•11h ago•84 comments

Show HN: I built a fast RSS reader in Zig

https://github.com/superstarryeyes/hys
65•superstarryeyes•1d ago•16 comments

'Ghost jobs' are on the rise – and so are calls to ban them

https://www.bbc.com/news/articles/clyzvpp8g3vo
111•1659447091•5h ago•107 comments

OBS Studio Gets a New Renderer

https://obsproject.com/blog/obs-studio-gets-a-new-renderer
248•aizk•13h ago•53 comments

A Safer Container Ecosystem with Docker: Free Docker Hardened Images

https://www.docker.com/blog/docker-hardened-images-for-every-developer/
319•anttiharju•17h ago•73 comments

Tell HN: HN was down

561•uyzstvqs•17h ago•305 comments

The Number That Turned Sideways

https://zuriby.github.io/math.github.io/the-number-that-turned-sideways.html
48•tzury•4d ago•29 comments

Cloudflare Radar 2025 Year in Review

https://radar.cloudflare.com/year-in-review/2025
89•ksec•12h ago•36 comments

Ask HN: Does anyone understand how Hacker News works?

95•jannesblobel•10h ago•121 comments

TikTok unlawfully tracks shopping habits and use of dating apps?

https://noyb.eu/en/tiktok-unlawfully-tracks-your-shopping-habits-and-your-use-dating-apps
190•doener•9h ago•104 comments

Zmij: Faster floating point double-to-string conversion

https://vitaut.net/posts/2025/faster-dtoa/
131•fanf2•3d ago•18 comments

More than half of researchers now use AI for peer review, often against guidance

https://www.nature.com/articles/d41586-025-04066-5
46•neilv•4h ago•27 comments

Oasis: Pooling PCIe Devices over CXL to Boost Utilization

https://dl.acm.org/doi/10.1145/3731569.3764812
11•blakepelton•5d ago•2 comments

How SQLite is tested

https://sqlite.org/testing.html
288•whatisabcdefgh•15h ago•78 comments

Inside PostHog: SSRF, ClickHouse SQL Escape and Default Postgres Creds to RCE

https://mdisec.com/inside-posthog-how-ssrf-a-clickhouse-sql-escaping-0day-and-default-postgresql-...
95•arwt•13h ago•27 comments