CVE-2025-38033

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version that includes the fix for this issue

Description A vulnerability in the Linux kernel has been resolved. The issue occurs when calling core::fmt::write() from Rust code while FineIBT is enabled, resulting in a kernel panic. This happens because core::fmt::write() calls core::fmt::rt::Argument::fmt(), which currently has CFI disabled, causing a Control Protection exception. The vulnerability makes Rust currently incompatible with FineIBT. The issue is expected to be fixed in Rust 1.88.0, scheduled for release on 2025-06-26.

Recommendations For Linux kernel versions prior to the fixed version, consider disabling FineIBT until a patch is available. As a temporary workaround, avoid using Rust code that calls core::fmt::write() until the issue is resolved. Once Rust 1.88.0 is released, update to this version or later to fix the issue. At the moment, there is no information about a newer Linux kernel version that contains a fix for this vulnerability.