CISA Warns of Linux Kernel Use-After-Free Vulnerability Exploited in Attacks to Deploy Ransomware

RegularJoe@lemmy.world · 2 days ago

CISA Warns of Linux Kernel Use-After-Free Vulnerability Exploited in Attacks to Deploy Ransomware

ethancedwards8@programming.dev · 2 days ago

Clearly you have no idea. Rust makes this kind of bug impossible.

Possibly linux@lemmy.zip · 2 days ago

It is still possible to have security vulnerabilities in Rust

ayyy@sh.itjust.works · 21 hours ago

Nobody claimed otherwise.

Zangoose@lemmy.world · 1 day ago

‘Use-after-free’ bugs are a specific type of memory access bug that Rust was designed around preventing. It literally refers to trying to access a block of memory after it has already been freed by the memory allocator. Unless you go out of your way to use the “unsafe” keyword in rust (which in most cases, you shouldn’t) then this type of bug is not possible.

caseyweederman@lemmy.ca · 1 day ago

Utopia or nothing!

qweertz (they/she)@programming.dev · 1 day ago

That’s not what’s at issue her LOL

just_another_person@lemmy.world · edit-2 2 days ago

WOW. No, it would make it improbable. It’s not like there can’t be zero-days for Rust, bud. This particular attack vector deals with memory handling, and sure, Rust’s main feature is memory security and management. Doesn’t mean there aren’t bugs to exploit there.

https://linuxsecurity.com/features/rise-of-rust-based-malware

arcterus@piefed.blahaj.zone · edit-2 2 days ago

Did you even read the article you posted? This is about malware written in Rust being harder to analyze (or notice), not software written in Rust having vulnerabilities…

aubeynarf@lemmynsfw.com · 2 days ago

Your link has nothing to do with bugs in Rust. It says attackers are writing their tools in Rust, which is making the attack tools more robust.

attackers are smart, adaptable types, and they’ve discovered a different angle: malware written in Rust often shields itself using the very design principles we admire about the language. For us, as defenders, this means a steep learning curve and a shift in focus. Let’s break this down.

just_another_person@lemmy.world · 2 days ago

🤦 It’s not necessarily about bugs in Rust-lang, though you can lookup CVEs if you want. The point is that ANY software, by default, will have bugs and exploits. Doesn’t matter if it’s Rust or C. You can exploit at the core, or at implementation. It’s just matter of time and effort, as they say.

Just flat out saying Rust, or software written in Rust is be default is secure, is a fool’s assertion. Sure it’s LESS LIKELY to have a memory exploit, but that’s where that assertion ends.

aubeynarf@lemmynsfw.com · edit-2 18 hours ago

Just flat out saying Rust, or software written in Rust is be default is secure, is a fool’s assertion.

Who said that, Mr. Strawman?

It’s clearly better from both language feature and security standpoint and the community is behind it. What’s the problem?

did you mean to post a different link?