CVEs for experimental (rust) code ?

Posted Dec 26, 2025 19:25 UTC (Fri) by moltonel (subscriber, #45207)
In reply to: CVEs for experimental (rust) code ? by gregkh
Parent article: The state of the kernel Rust experiment

Thanks for these insights. Sorry for lazily asking here instead of on the cve ml.

So, what do you think is the reason we had so few RfL CVEs so far ? Is that related to the code being considered "experimental" ? Does CVE-2025-38033 count as a RfL CVE ? It's hard to imagine that no bugs had been found yet, maybe the fixes were not backported to stable kernels ?

to post comments

CVEs for experimental (rust) code ?

Posted Dec 27, 2025 9:04 UTC (Sat) by gregkh (subscriber, #8) [Link]

> So, what do you think is the reason we had so few RfL CVEs so far ?

Perhaps because there has not been much rust code that is used in the kernel before now? That's just my guess, could be wrong.

> Is that related to the code being considered "experimental" ?

Again, no, the cve team does not use that as a criteria at all.

> Does CVE-2025-38033 count as a RfL CVE ?

No idea, feel free to count if it you want to :)

> It's hard to imagine that no bugs had been found yet,

Take a look at the code changes over time to determine this is true or not, I do not know.