https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3e0ae02ba831da2b707905f4e602e43f8507b8cc

🏫 MY COURSES
Sign-up for my FREE 3-Day C Course: https://lowlevel.academy

🧙‍♂️ HACK YOUR CAREER
Wanna learn to hack? Join my new CTF platform: https://stacksmash.io

🔥COME HANG OUT   
Check out my other stuff: https://lowlevel.tv

Low Level Learning

A CVE was discovered in Rust code within the Linux kernel's Android Binder driver, marking the first security vulnerability in kernel Rust code. The bug is a race condition in an unsafe block that handles doubly linked list operations for tracking node deaths. The vulnerability occurred because the code moved list items to a local stack copy and dropped the lock prematurely, allowing two threads to simultaneously access and modify the same list structure. This led to memory corruption and kernel crashes. The fix involved iterating over the list with proper locking instead of creating a local copy, demonstrating that even memory-safe languages require careful handling of concurrent operations in kernel code.

i didn't expect to see this...

I see more critiques of Rust recently. I guess this means it is actually used by people now. Good for Rust!

So in unsafe block there’s unsafe core? Shocker, I think the last time I was shocked so much was when I seen wet window in rainy day

But if something has already been done in the unsafe block, it’s not Rust’s fault.

rust will prolly get more blame than whoever wrote the code

People can’t write safe code inside an unsafe block is the reason for this. So i blame rust developers, not the Rust