CyberSecurityBoard
Sponsor Register Login

New Linux Kernel Code Written In Rust To Eliminate Memory Safety Bugs

Since Rust was officially merged into the Linux kernel in October 2022, development teams have been steadily working to implement Rust-based drivers and components that inherently prevent common memory-related security issues. The Linux kernel has taken a significant step toward improved security with the growing adoption of Rust programming language components aimed at eliminating memory safety bugs. Jonathan Corbet, kernel maintainer and Executive Editor of LWN, emphasized that the Rust for Linux project has already achieved an important milestone by proving that Rust is indeed viable and desirable for kernel development, noting this work is essential for Linux’s long-term viability. As security analysts at Prossimo noted that the new code written in Rust has reduced risk of memory safety bugs and data races, while maintainers report greater confidence in refactoring and accepting patches for modules thanks to Rust’s safe subset. At least one of the targeted upstream implementations is expected to be merged into the mainline kernel within the next 12-18 months, bringing the initiative’s ultimate goal closer to reality: creating more secure products and services running Linux, benefiting end users through enhanced protection against memory-related vulnerabilities. While the goal was never to rewrite the entire kernel in Rust, the growing acceptance across various subsystems signals a shift toward a more memory-safe future for Linux. The Rust for Linux project has reached a critical tipping point, with multiple drivers now being developed in this memory-safe language. Several companies now have full-time engineers dedicated to Rust development for the Linux kernel, demonstrating industry commitment to this approach. The effort is led by Miguel Ojeda, who published the original RFC for Rust in the Linux kernel and continues to maintain the development branches. Kroah-Hartman further mentioned that the next merge window should bring PCI and platform driver capabilities, which would enable almost all driver subsystems to accept Rust drivers. “Rust misc driver bindings and other rust changes to make misc drivers actually possible.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 11 Mar 2025 09:50:06 +0000


Cyber News related to New Linux Kernel Code Written In Rust To Eliminate Memory Safety Bugs

New Linux Kernel Code Written In Rust To Eliminate Memory Safety Bugs - Since Rust was officially merged into the Linux kernel in October 2022, development teams have been steadily working to implement Rust-based drivers and components that inherently prevent common memory-related security issues. The Linux kernel has ...
18 hours ago Cybersecuritynews.com
Critical Rust Flaw Poses Exploit Threat in Specific Windows Use Cases - The Rust Project has issued an update for its standard library, after a vulnerability researcher discovered a specific function used to execute batch files on Windows systems could be exploited using an injection flaw. The set of common functions ...
11 months ago Darkreading.com CVE-2024-24576
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
11 months ago Cisa.gov
FLOSS for Gophers and Crabs: Extracting Strings from Go and Rust Executables - To support the static analysis of Go and Rust executables, FLOSS now extracts program strings using enhanced algorithms. Where traditional extraction algorithms provide compound and confusing string output FLOSS recovers the individual Go and Rust ...
1 year ago Mandiant.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
Teaching Digital Literacy and Online Safety - It is crucial for educators to prioritize teaching online safety to ensure that students are equipped with the necessary skills to protect themselves online. This article aims to explore the importance of teaching digital literacy and online safety, ...
1 year ago Securityzap.com
CVE-2024-26957 - In the Linux kernel, the following vulnerability has been resolved: ...
10 months ago
Categorically Unsafe Software - We've had many people ask us why we urge software manufacturers to eliminate entire classes of defect like cross-site scripting, SQL injection, directory traversal, and memory unsafety, as called for in our Secure by Design Pledge. While it might ...
9 months ago Cisa.gov
Online safety laws: What's in store for children's digital playgrounds? - As children's safety and privacy online becomes a matter of increasing urgency, lawmakers around the world push ahead on new regulations in the digital realm. Tomorrow is Safer Internet Day, an annual awareness campaign that started in Europe in 2004 ...
2 years ago Welivesecurity.com
Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs - Government agencies in the US, UK, Canada, Australia, and New Zealand have published guidance for software makers to eliminate memory safety vulnerabilities. The document, named Case for Memory Safe Roadmaps, recommends the adoption of memory safe ...
1 year ago Securityweek.com
CISA Report Finds Most Open-Source Projects Contain Memory-Unsafe Code - More than half of open-source projects contain code written in a memory-unsafe language, a report from the U.S.'s Cybersecurity and Infrastructure Security Agency has found. Memory-unsafe means the code allows for operations that can corrupt memory, ...
8 months ago Techrepublic.com
Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities - Google today announced a grant of $1 million to the Rust Foundation, meant to help improve the interoperability between Rust and C++ code. The internet giant joined the Rust Foundation in 2021, for the same reason, and has adopted the memory-safe ...
1 year ago Securityweek.com
Google throws $1m at Rust Foundation to build C++ bridges The Register - Google on Monday donated $1 million to the Rust Foundation specifically to improve interoperability between the language and C++. C++, a popular general purpose programming language, has arguably fallen out of fashion due to concerns over safety. ...
1 year ago Go.theregister.com
Role of Parents in Teaching Online Safety - In today's digital landscape, where children are increasingly exposed to the vast world of the internet, the role of parents in teaching online safety has become paramount. Parents should have regular conversations with their kids about the ...
1 year ago Securityzap.com
CISA's Flags Memory-Unsafe Code in Major Open Source Projects - A comprehensive new study has unearthed fresh details on the extensive and troubling use of memory-unsafe code in major open source software projects. The chances that fresh insight on a long known issue will spur any immediate changes to the ...
8 months ago Darkreading.com
CVE-2024-44989 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
CVE-2024-26688 - In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in ...
11 months ago Tenable.com
CVE-2022-49123 - In the Linux kernel, the following vulnerability has been resolved: ...
1 week ago
CVE-2019-16760 - Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and ...
5 years ago
Google Pushes Software Security Via Rust, AI-Based Fuzzing - Google is making moves to help developers ensure that their code is secure. The IT giant this week said it is donating $1 million to the Rust Foundation to improve interoperability between the Rust programming language and legacy C++ codebase in ...
1 year ago Securityboulevard.com
CVE-2022-30315 - Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The ...
1 year ago
CVE-2022-48664 - In the Linux kernel, the following vulnerability has been resolved: ...
10 months ago
CVE-2023-30624 - Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior ...
1 year ago
Safeguarding Children and Vulnerable Groups Online Strategies for Enhancing Online Safety in Digital Communities - As the younger generations get more involved with these online communities, they can also be targets for cyberbullies, hackers, scammers, online predators, and much worse. As the internet landscape continues to evolve, online forums and group chat ...
1 year ago Cyberdefensemagazine.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)