A better Windows kernel Rust bug

⚓ Rust    📅 2025-10-21    👤 surdeus    👁️ 4      


Last time was seemingly entirely click-bait, but it seems we finally have an actual reported security issue in Windows due to Rust, at least in that it's an instant BSOD instead of possibly RCE!

Release: Windows Rust-based Kernel GDI Vulnerability Leads to Crash and Blue Screen of Death Error

Details: Denial of Fuzzing: Rust in the Windows kernel - Check Point Research

Didn't see a CVE anywhere? Not sure what's up with that.

Notably, they have the following quote in their conclusion:

A fitting analogy might be a home alarm system that stops a burglar by blowing up the house.

referring to their belief that Rust out-of-bounds errors shouldn't bring down the system. While understandable, it's not clear what they would prefer: the only alternatives I can think of in general are:

  • never writing a bug :face_savoring_food:
  • never using a panicking API
  • unwinding the kernel thread

Though for this specific case it seems a bit weird that it's running geometry parsing code in the kernel: perhaps in its original form GDI needed direct access to the display buffer or something and it's a pain to lift up now.

Panic-free enforcement has been talked about quite a few times, but my understanding is it's pretty tricky to add now? It's generally not what you'd want, but it seems like it might be worth it for kernel use.

I don't think anyone unwinds in the kernel, either? Strictly it should be possible from what I understand, but it probably makes some people's skin crawl.

I guess it's possible that this is just a security research team getting salty that they are going to get less juicy RCE bugs and just boring BSODs instead :grinning_face_with_smiling_eyes:

Also the analysis hints at some interesting details of how Rust is being used; I don't think someone would from scratch implement even a single linked list for this in Rust, but equally standard Rust bounds checks caught the issue. I'm curious how this port was done; probably at least some "copilot please rewrite this C++ in Rust" but that doesn't scale...

I also didn't see any mention of whether the bug reproduced in the original C++ code; it would be a pretty clear win if the port simply preserved the original bug!
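An added example, not part of the post or of the Check Point analysis, illustrating the second alternative in the list above ("never using a panicking API"): a parser for a constructed point-list record written twice, once with panicking indexing (which, in a kernel that does not unwind, becomes a bugcheck) and once with fallible access that reports the malformed input to the caller. The record layout, `Point`, `ParseError` and the function names are hypothetical and unrelated to the real GDI format.

```rust
// Constructed record layout (hypothetical, not GDI): a count byte followed by
// that many (x, y) byte pairs. A record whose count overruns its body is the
// malformed-input case a fuzzer would produce.
#[derive(Debug, PartialEq)]
pub struct Point { pub x: u8, pub y: u8 }

/// Panicking style. `buf[i]` is bounds-checked, so a count larger than the
/// body is caught, but caught by a panic: in a kernel thread with no unwinder
/// that is a system crash rather than a rejected record.
pub fn parse_points_panicking(buf: &[u8]) -> Vec<Point> {
    let n = buf[0] as usize;
    (0..n).map(|i| Point { x: buf[1 + 2 * i], y: buf[2 + 2 * i] }).collect()
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Empty,
    Truncated { needed: usize, have: usize },
}

/// Fallible style. Every access is either `get` or guarded by an explicit
/// length check, so the same malformed record becomes an `Err` the caller can
/// log and drop; nothing here can panic.
pub fn parse_points_checked(buf: &[u8]) -> Result<Vec<Point>, ParseError> {
    let n = *buf.first().ok_or(ParseError::Empty)? as usize;
    let body = &buf[1..]; // safe: `first()` succeeded, so buf.len() >= 1
    let needed = 2 * n;
    if body.len() < needed {
        return Err(ParseError::Truncated { needed, have: body.len() });
    }
    // Slicing to `needed` is safe after the check; chunks_exact(2) yields
    // exactly `n` pairs because `needed` is even.
    Ok(body[..needed]
        .chunks_exact(2)
        .map(|p| Point { x: p[0], y: p[1] })
        .collect())
}

fn main() {
    // Well-formed record: two points.
    println!("{:?}", parse_points_checked(&[2, 10, 20, 30, 40]));
    // Malformed record: claims three points but carries only one byte pair.
    println!("{:?}", parse_points_checked(&[3, 1, 2]));
}
```

In user space the panicking version can be contained with `std::panic::catch_unwind`, which is the third alternative in the list (unwinding); the checked version needs no such containment because it never panics.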
