
First Rust Vulnerability in Linux Kernel Proves Memory Safety Isn't Bulletproof

Linux kernel's first Rust CVE exposes race condition in Android Binder driver affecting versions 6.18+


The Linux kernel's ambitious experiment with Rust—a language championed for preventing memory bugs—has hit its first security vulnerability, revealing that even "safe" languages need careful implementation to deliver on their promises.

Greg Kroah-Hartman announced CVE-2025-68260, marking the first Common Vulnerabilities and Exposures designation for Rust code in the mainline Linux kernel. The flaw affects the Android Binder driver rewrite, which handles inter-process communication in Android systems running Linux 6.18 and newer.

The vulnerability stems from a race condition in code explicitly marked as "unsafe"—Rust's mechanism for bypassing its built-in safety checks when low-level operations demand it. When multiple threads simultaneously access a death notification list, they can corrupt memory pointers, triggering kernel crashes that take down the entire system.

"This operation is unsafe because when touching the prev/next pointers of a list element, we have to ensure that no other thread is also touching them in parallel," the CVE description explains. The problem occurs when one thread moves list items while another attempts to remove items from the original list, creating a data race that mangles the linked list structure.

While the bug can crash systems, it doesn't enable remote code execution or privilege escalation—a small mercy in the security world. The technical details show memory corruption manifesting as kernel paging faults, with crash logs displaying the telltale signs of pointer corruption.

The vulnerability exposes a critical lesson: Rust's memory safety guarantees only apply to "safe" Rust code. Kernel development, by necessity, requires frequent unsafe operations for hardware access and performance. The fix, already merged into Linux 6.18.1 and 6.19-rc1, changes how the death notification list is managed to prevent concurrent access issues.
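A deterministic model of the interleaving described above, added here as an illustration; it is not the kernel's Binder code or the merged patch. `Node`, `take_all`, `pop_one` and the integer ids are hypothetical, and a safe `Mutex<VecDeque>` stands in for the intrusive list: the `Err` from `remove` marks the moment an unsafe remove would be editing the prev/next pointers of an element that has already moved to another list. Popping one entry per lock acquisition is shown as one way to close that gap, which is an assumption about the shape of a fix.

```rust
use std::collections::VecDeque;
use std::sync::Mutex;

// Hypothetical model: u32 ids stand in for death notification entries.
pub struct Node {
    death_list: Mutex<VecDeque<u32>>,
}

impl Node {
    pub fn new(ids: &[u32]) -> Self {
        Node { death_list: Mutex::new(ids.iter().copied().collect()) }
    }
    // Models the precondition of an unsafe intrusive-list remove: the caller
    // asserts `id` is linked in *this* list. Err means that assertion was false.
    pub fn remove(&self, id: u32) -> Result<(), &'static str> {
        let mut list = self.death_list.lock().unwrap();
        match list.iter().position(|&x| x == id) {
            Some(i) => { list.remove(i); Ok(()) }
            None => Err("element is not linked in this list"),
        }
    }
    // Racy shape: move every entry to a caller-owned list, then drop the lock.
    pub fn take_all(&self) -> VecDeque<u32> {
        std::mem::take(&mut *self.death_list.lock().unwrap())
    }
    // Locked shape: detach exactly one entry while the lock is held.
    pub fn pop_one(&self) -> Option<u32> {
        self.death_list.lock().unwrap().pop_front()
    }
}

// Fixed interleaving: releaser moves the list, then a remover targets entry 2.
pub fn racy() -> (bool, Vec<u32>) {
    let node = Node::new(&[1, 2, 3]);
    let local = node.take_all();               // lock is released after this line
    let violated = node.remove(2).is_err();    // 2 now lives in `local`
    (violated, local.into_iter().collect())    // releaser still delivers 2
}

// Same interleaving, but the releaser pops one entry per lock acquisition.
pub fn locked() -> (bool, Vec<u32>) {
    let node = Node::new(&[1, 2, 3]);
    let mut delivered = vec![node.pop_one().unwrap()];
    let violated = node.remove(2).is_err();    // 2 is still in the shared list
    while let Some(id) = node.pop_one() { delivered.push(id); }
    (violated, delivered)
}

fn main() {
    println!("racy: {:?}", racy());
    println!("locked: {:?}", locked());
}
```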

For Rust advocates, this isn't a condemnation but a reality check. The language still prevents entire classes of vulnerabilities, but developers must exercise extreme caution in unsafe blocks—exactly where kernel code spends much of its time.

System administrators should update to Linux 6.18.1 or later. The Linux kernel CVE team emphasizes updating to the latest stable version rather than cherry-picking individual patches.
