{"id":251396,"date":"2026-05-21T09:23:00","date_gmt":"2026-05-21T13:23:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/21\/rust-could-eliminate-80-of-linux-kernel-cves\/"},"modified":"2026-05-21T10:05:18","modified_gmt":"2026-05-21T14:05:18","slug":"rust-could-eliminate-80-of-linux-kernel-cves","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/21\/rust-could-eliminate-80-of-linux-kernel-cves\/","title":{"rendered":"Rust Could Eliminate 80% of Linux Kernel CVEs!"},"content":{"rendered":"<p><a href=\"https:\/\/itsfoss.com\/news\/linux-kernel-rust-cve-reduction\/\">Rust Could Eliminate 80% of Linux Kernel CVEs!<\/a><\/p>\n<p><a href=\"https:\/\/itsfoss.com\/news\/linux-kernel-rust-cve-reduction\/\">https:\/\/itsfoss.com\/news\/linux-kernel-rust-cve-reduction\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-21 09:23:00<\/a><\/p>\n<p>Source Domain: <a href=\"itsfoss.com\">itsfoss.com<\/a><\/p>\n<p>Greg Kroah-Hartman was at RustWeek 2026 in Utrecht this week, and he talked about a Rust-based proposal still in development <strong>that could wipe out around 80% of the CVEs the Linux kernel generates<\/strong>.<\/p>\n<p>That is not a small claim. This is coming from someone who has personally reviewed every kernel security bug since the Linux kernel security team was formed in 2005.<\/p>\n<h2 id=\"cs-blind-spot\">C&#8217;s blind spot<\/h2>\n<p><iframe loading=\"lazy\" title=\"Rust Week 2026 - Main Track - Wednesday 20 May\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/0vhGWclF7LU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>Greg&#8217;s presentation starts at 14:27.<\/p>\n<p>The core problem, as Greg sees it, is untrusted data. Every time data arrives from user space or from hardware, the kernel should treat it with suspicion. C has never had a reliable way to enforce that.<\/p>\n<p>Once data gets copied from user space into the kernel, it becomes a regular pointer and loses all context about where it came from. It gets passed around freely, and the external checkers that should catch issues do not always get run.<\/p>\n<p>Hardware adds another layer of the same problem. The kernel was designed assuming hardware is trustworthy, and that assumption is getting harder to hold as malicious hardware becomes a real and growing threat.<\/p>\n<h2 id=\"what-rust-already-fixes\">What Rust already fixes<\/h2>\n<p>Before the new proposal even ships, Rust is already making a difference. Failing to check error return values and forgetting to release locks are two notable contributors to kernel CVEs, and Rust handles both at compile time. <\/p>\n<p>Greg estimates those two fixes alone cover around 60% of kernel bugs.<\/p>\n<p>And it doesn&#8217;t stop there. Writing Rust bindings for existing C code has quietly pushed kernel maintainers to actually document and think through their APIs, working out ownership semantics, lock rules, and const-correctness.<\/p>\n<h2 id=\"enter-the-untrusted-type\">Enter, the &#8220;untrusted&#8221; type<\/h2>\n<p>Greg&#8217;s proposed solution is a Rust type called Untrusted, developed with kernel contributor Benno Lossin. It attaches to data coming in from user space or hardware as a compile-time marker, with no runtime cost. <\/p>\n<p>And you cannot access the underlying data without going&#8230;<\/p>\n<p><a href=\"https:\/\/itsfoss.com\/news\/linux-kernel-rust-cve-reduction\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Rust Could Eliminate 80% of Linux Kernel CVEs! https:\/\/itsfoss.com\/news\/linux-kernel-rust-cve-reduction\/ Publish Date: 2026-05-21 09:23:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":251397,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/itsfoss.com\/content\/images\/2026\/05\/gkh-tux-rust-banner.png","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,71,57],"class_list":["post-251396","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-linux","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251396"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=251396"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251396\/revisions"}],"predecessor-version":[{"id":251398,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251396\/revisions\/251398"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/251397"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=251396"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=251396"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=251396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}