A critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption.
Assigned CVE-2025-68260, this issue affects the kernel’s inter-process communication mechanism and requires immediate attention from system administrators and kernel maintainers.
The Vulnerability
The vulnerability exists in the Rust Binder component’s death_list handling mechanism. The flaw stems from an unsafe operation that removes items from a linked list without proper synchronization.
The problematic code attempts to manipulate list pointers without ensuring exclusive access, creating a dangerous race condition.
The issue arises from a specific implementation pattern in the Node::release function. The code sequence involves acquiring a lock, moving list items to a local stack-based list, then releasing the lock before iterating through the items.
Because the lock is released before the iteration, other threads that are still processing the original list can access the same prev/next pointers concurrently, which can lead to memory corruption.
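The lock/move/unlock/iterate sequence described above can be modelled in user space; the following is an added example, not the kernel's code or its patch. `Node` and `death_list` borrow the article's names, while `remove_under_lock`, `release_batch` and `release_pop` are hypothetical, and the pop-per-lock variant is an assumed alternative shown only to contrast where the lock stops covering pending entries.

```rust
use std::collections::VecDeque;
use std::sync::Mutex;

// Constructed user-space model: u32 ids stand in for intrusive death_list entries.
pub struct Node {
    pub death_list: Mutex<VecDeque<u32>>,
}

// Simulated second thread: takes the lock and unlinks `id`. Returns false when
// `id` is not in the guarded list, i.e. the lock no longer covers its links.
fn remove_under_lock(node: &Node, id: u32) -> bool {
    let mut list = node.death_list.lock().unwrap();
    let before = list.len();
    list.retain(|&x| x != id);
    list.len() != before
}

// Pattern described in the article: move all entries to a local list, unlock, iterate.
pub fn release_batch(node: &Node, victim: u32) -> (Vec<u32>, bool) {
    let local = std::mem::take(&mut *node.death_list.lock().unwrap()); // guard dropped here
    let (mut processed, mut covered) = (Vec::new(), true);
    for (i, id) in local.iter().enumerate() {
        if i == 0 {
            covered = remove_under_lock(node, victim); // runs inside the unlocked window
        }
        processed.push(*id);
    }
    (processed, covered)
}

// Alternative: pop one entry per lock acquisition; pending entries stay guarded.
pub fn release_pop(node: &Node, victim: u32) -> (Vec<u32>, bool) {
    let (mut processed, mut covered) = (Vec::new(), true);
    loop {
        // Separate `let` so the guard is dropped before the entry is processed.
        let next = node.death_list.lock().unwrap().pop_front();
        let Some(id) = next else { break };
        if processed.is_empty() {
            covered = remove_under_lock(node, victim);
        }
        processed.push(id);
    }
    (processed, covered)
}

fn main() {
    let mk = || Node { death_list: Mutex::new(VecDeque::from(vec![1, 2, 3])) };
    println!("batch: {:?}", release_batch(&mk(), 3));
    println!("pop:   {:?}", release_pop(&mk(), 3));
}
```

In the batch variant the simulated remover cannot find entry 3 under the lock, yet the entry is still processed from the local list; with an intrusive list that remover would be editing prev/next pointers the lock no longer protects.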
When this race condition is triggered, systems experience kernel panics and page faults. Affected devices crash with errors similar to “Unable to handle kernel paging request at virtual address.”
The vulnerability manifests as internal memory corruption, resulting in kernel oops messages and system instability.
Devices running vulnerable kernel versions may experience unexpected reboots and service interruptions.
The vulnerability was introduced in kernel version 6.18 with a specific commit change to the binder code. It affects the drivers/android/binder/node.rs file directly.
The issue has been patched in kernel 6.18.1 and 6.19-rc1, with fixes available in the upstream kernel repositories.
The Linux kernel development team strongly recommends updating to the latest stable kernel version.
Full kernel updates are preferred over individual commit cherry-picks, as changes are tested as part of larger releases.
Users unable to update immediately can apply specific commits from the kernel repositories to resolve this race condition.
System administrators should prioritise patching this vulnerability to maintain system stability and prevent unexpected downtime.
