Security vulnerability found in Rust Linux kernel code

Posted by lelanthran 23 hours ago

Counter34Comment17OpenOriginal

Comments

Comment by jsiepkes 17 hours ago

I don't get why this is noteworthy? It's literally a piece of code in a Rust "unsafe" block. If you put something in an "unsafe" block the compiler isn't going to help you, you are on your own. That's why it's called "unsafe".

Now what is kinda interesting is that instead of getting rid of the "unsafe" block the developers put in some extra check. I guess you can take the developer out of C but you can't take the C out of the developer?

Comment by 16 hours ago

Comment by aw1621107 21 hours ago

Effectively a dupe of this thread from ~14 hours ago: https://news.ycombinator.com/item?id=46302621 (130 comments as of this comment)

Comment by thesz 20 hours ago

The mistake there is a classical example of why (software) transactional memory is valuable. Double linked lists are trivial in single core execution, need PhD level understanding of everything in multicore execution and become trivial again in multicore execution with (S)TM.

Rust has troubles with STM because it lacks anything resembling effect system. Most probably, this will not be fixed.

Comment by dlahoda 13 hours ago

may you share links to read or vote to understand better and push for?

Comment by dizhn 21 hours ago

The URL this points to does not say anything about security. There's an example of a race condition causing memory corruption and a crash.

Comment by LukeShu 21 hours ago

While it doesn't add much more info: https://lore.kernel.org/linux-cve-announce/2025121614-CVE-20...

Comment by arowthway 19 hours ago

I hate this bot-detection anime girl popping up on my monitor while I pretend to be working. Same goes for the funny pictures at the beginning of some Github readmes. Sorry for complaining about a tangential annoyance, but I haven't seen this particular sentiment expressed yet.

Comment by megnu 19 hours ago

I use a uBlock Origin filter to block the anime girl from loading:

  ! Title: Hide Anubis Image
  */.within.website/x/cmd/anubis/static/img/*.webp$image

Comment by sebtron 19 hours ago

Normally I don't mind, but on this page it took at least 15 seconds for me.

Comment by jraph 18 hours ago

It is expressed very often.

Comment by udjdndndjdjr 19 hours ago

I had an idea!

Instead of using this to do some proof of work, why not just get the bot detector to mine bitcoin or something...

I mean it is just as useless... And at least the website gets some money back from the raw extraction of data now happening...

Edit: speeeeeling

Comment by dlahoda 13 hours ago

this was the plan, this was the plan. just wait little bit it get spread more.

Comment by udjdndndjdjr 19 hours ago

Also this is a joke

Comment by pityJuke 22 hours ago

Within the Android drivers, right?

Comment by jeroenhd 21 hours ago

Technically, binder is still part of Linux, even if it's not enabled by default in many cases.

This "security vulnerability" is just a local DoS though. Annoying and problematic as it effectively bypasses controls over power on/off behaviour, but as far as I can tell from this report, no memory is leaked and no code execution can be achieved.

Comment by yourdetect 20 hours ago

It's UB, it is not memory safe, so in theory, and often also in practice with this specific kind of bug, absolutely anything could happen, including code execution.

Greg Kroah-Hartman's comment is both wrong and perplexing.

Comment by uhfraid 22 hours ago

yes

Comment by 14 hours ago