Linux's stable maintainer is betting on a new Rust type to address a class of bugs C has never been able to fully prevent.

ItsFOSS's platform is a central hub for Linux enthusiasts and open-source advocates, offering insights into Linux distributions, software applications, and Linux-related news. Through articles, tutorials, and reviews, ItsFOSS offers insights into using Linux as a desktop operating system, developing open-source software, and contributing to the Linux community. Readers can learn about Linux tips and tricks, open-source alternatives to proprietary software, and the latest developments in the Linux ecosystem.

It's Foss

Greg Kroah-Hartman, Linux stable maintainer, presented at RustWeek 2026 a proposal that could eliminate roughly 80% of Linux kernel CVEs. The core idea is a new Rust type called `Untrusted<T>`, developed with Benno Lossin, which attaches a compile-time marker to data arriving from user space or hardware. This forces explicit validation before the data can be used, with no runtime overhead. Rust already addresses around 60% of kernel bugs by catching unchecked error returns and forgotten lock releases at compile time. The `Untrusted<T>` type is not yet merged — it requires changes to the Rust compiler and depends on related work on field projections. Greg called for more Rust kernel developers to help move the effort forward.

Rust Could Eliminate 80% of Linux Kernel CVEs!

<p>And replace it with Rust CVEs? OS and kernel development in Rust requires unsafe Rust. Which isnt any more safe than C.</p>
