A critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption.
Assigned CVE-2025-68260, this issue affects the kernel’s inter-process communication mechanism and requires immediate attention from system administrators and kernel maintainers.
The Vulnerability
The vulnerability exists in the Rust Binder component’s death_list handling mechanism. The flaw stems from an unsafe operation that removes items from a linked list without proper synchronization.
The problematic code attempts to manipulate list pointers without ensuring exclusive access, creating a dangerous race condition.
The issue arises from a specific implementation pattern in the Node::release function. The code sequence involves acquiring a lock, moving list items to a local stack-based list, then releasing the lock before iterating through the items.
While other threads are processing the original list, this creates a window of opportunity for concurrent access to the prev/next pointers, which can lead to memory corruption.
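The lock, move, unlock, iterate sequence described above can be modelled in user-space Rust. This is an added example, not the kernel's code or the upstream patch: Owner, Link, remove and both release functions are hypothetical names, the interleaving is replayed deterministically instead of with real threads, and the pop-under-lock variant is an assumed way to close the window.

```rust
use std::collections::VecDeque;
use std::sync::Mutex;
// User-space model, not kernel code: records which list links each item.
#[derive(Clone, Copy, PartialEq)]
enum Link { Shared, Local, Unlinked }
struct Owner { death_list: VecDeque<usize>, link: Vec<Link> }

fn owner_with(n: usize) -> Mutex<Owner> {
    Mutex::new(Owner { death_list: (0..n).collect(), link: vec![Link::Shared; n] })
}

// Stand-in for the unsafe removal; contract: `id` is in the shared list or in no
// list. Returns false when broken (real code would corrupt prev/next pointers).
fn remove(owner: &Mutex<Owner>, id: usize) -> bool {
    let mut o = owner.lock().unwrap();
    if o.link[id] == Link::Local { return false; }
    o.death_list.retain(|&x| x != id);
    o.link[id] = Link::Unlinked;
    true
}

// The described pattern: lock, move all items to a local list, unlock, iterate.
fn release_move_then_iterate(owner: &Mutex<Owner>, other_thread_removes: usize) -> bool {
    let local: Vec<usize> = {
        let mut o = owner.lock().unwrap();
        let ids: Vec<usize> = o.death_list.drain(..).collect();
        for &id in &ids { o.link[id] = Link::Local; }
        ids
    }; // lock released here, items are still linked into `local`
    let ok = remove(owner, other_thread_removes); // interleaved removal by another thread
    for id in local { owner.lock().unwrap().link[id] = Link::Unlinked; }
    ok
}

// Assumed alternative (not the upstream patch): unlink one item per lock
// acquisition, so no item stays linked in a list the lock does not cover.
fn pop(owner: &Mutex<Owner>) -> Option<usize> {
    let mut o = owner.lock().unwrap();
    let id = o.death_list.pop_front()?;
    o.link[id] = Link::Unlinked;
    Some(id)
}
fn release_pop_under_lock(owner: &Mutex<Owner>, other_thread_removes: usize) -> bool {
    let mut ok = true;
    while let Some(_id) = pop(owner) { ok &= remove(owner, other_thread_removes); }
    ok
}
fn main() {
    println!("{} {}", release_move_then_iterate(&owner_with(3), 1), release_pop_under_lock(&owner_with(3), 1));
}
```

Each release function returns whether the removal contract held for the concurrent caller: it fails for the move-then-iterate pattern and holds when items are unlinked one at a time under the lock.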
When this race condition is triggered, systems experience kernel panics and page faults. Affected devices crash with errors similar to “Unable to handle kernel paging request at virtual address.”
The vulnerability manifests as internal memory corruption, resulting in kernel oops messages and system instability.
Devices running vulnerable kernel versions may experience unexpected reboots and service interruptions.
The vulnerability was introduced in kernel version 6.18 with a specific commit change to the binder code. It affects the drivers/android/binder/node.rs file directly.
The issue has been patched in kernel 6.18.1 and 6.19-rc1, with fixes available in the upstream kernel repositories.
The Linux kernel development team strongly recommends updating to the latest stable kernel version.
Full kernel updates are preferred over individual commit cherry-picks, as changes are tested as part of larger releases.
Users unable to update immediately can apply specific commits from the kernel repositories to resolve this race condition.
System administrators should prioritise patching this vulnerability to maintain system stability and prevent unexpected downtime.

