Rust in Linux Kernel: First Vulnerability Emerges in Android Binder Driver

Following the initial report of the first vulnerability in Linux kernel Rust code, deeper analysis of CVE-2025-68260 in the Rust-based Binder module reveals a race condition in data list handling that causes memory corruption and system crashes. Detailed patches are available in kernel 6.18.1 and 6.19-rc1.

16 декабря 2025 Сообщено ИИ

Building on Rust's new permanent status in the Linux kernel—following its history from 2019 experiments to the Tokyo Maintainers Summit approval—production deployments like Android 16's Rust allocator are live, alongside advanced drivers and safety gains, though criticisms highlight ongoing hurdles.

Linus Torvalds has announced the release of Linux 6.18-rc1, marking the start of the release candidate phase for the upcoming kernel version. He described the preceding two-week merge window as 'one of the good merge windows,' noting its average size and lack of serious issues during testing. The kernel includes extensive driver updates and enhancements across various subsystems.

27 декабря 2025 Сообщено ИИ

Canonical's Ubuntu distribution has advanced significantly in 2025, incorporating the Rust programming language to bolster security and reliability across its core components. These updates, featured in releases like Ubuntu 25.10 Questing Quokka, also optimize hardware support for AI and diverse architectures. As the project eyes its next long-term support version, these changes position Ubuntu as a robust choice for developers and enterprises.

The GNU C Library has addressed a long-standing security vulnerability that dates back to 1996. This fix, identified as CVE-2026-0915, patches a flaw present in the library since its early versions. The update aims to enhance security for systems relying on this fundamental component of Linux distributions.

16 декабря 2025 Сообщено ИИ

Ongoing exploitation of the React2Shell vulnerability (CVE-2025-55182)—previously detailed in coverage of China-nexus and cybercriminal campaigns—now includes widespread Linux backdoor installations, arbitrary command execution, and large-scale theft of cloud credentials.