memory safety

A newly disclosed memory-safety bug in the open-source OPC UA stack open62541 — tracked as CVE-2026-1301 — has been flagged by U.S. cyber authorities as a medium-severity vulnerability that can be triggered before authentication and that reliably causes process crashes and heap corruption in...

A quiet but consequential fix landed in the Linux kernel tree on December 16, 2025: a defensive coding change in the Ceph client library (libceph) replaced several fatal assertions with proper bounds checks to block untrusted OSD indexes from network packets — a change recorded as CVE-2025-68283...

pcap_ether_aton, a long-standing utility in the widely used libpcap packet-capture library, has been assigned CVE-2025-11961 after maintainers fixed an input-validation bug that can cause both an out-of-bounds read (OOBR) and an out-of-bounds write (OOBW) when the function is given a malformed...

A critical memory‑safety flaw has been published affecting HDF5 version 1.14.6: CVE‑2025‑6270 is a heap‑based buffer overflow in the free‑space section lookup code, rooted in the function H5FS__sect_find_node inside H5FSsection.c, and public advisories and vulnerability trackers confirm a...

Microsoft’s latest public dust-up over an apparent plan to “rewrite Windows in Rust” began as a LinkedIn hiring post from Distinguished Engineer Galen Hunt and quickly became a global conversation about AI-assisted code migration, memory safety, and how platform vendors modernize decades‑old...

Microsoft’s blunt new engineering ambition — to use AI and algorithmic tooling to remove C and C++ from major system codebases and replace them with memory‑safe Rust — has vaulted a quiet, multi‑year shift into the headlines and forced an overdue reckoning about how operating systems will be...

A Microsoft engineer’s LinkedIn post that set off a flurry of headlines — claiming a goal to “eliminate every line of C and C++ from Microsoft by 2030” — has been clarified as a research project rather than an official company edict, but the episode crystallizes a real and accelerating shift...

Microsoft’s rapid retreat from an apparent plan to “rewrite Windows with AI” crystallizes a deeper story about how research, recruitment language, and public perception can collide — and why the difference between research experiment and product roadmap matters for every IT pro who manages...

The Linux kernel received a small but important fix that eliminates an uninitialized-memory warning in the in-kernel NTFS driver (ntfs3): the buffer allocated by __getname was not being zeroed before use, and the upstream remedy initializes that buffer to prevent KMSAN-detected uninitialized...

Microsoft’s most publicized systems‑engineering recruitment post this month crystallized an audacious vision: build AI‑and‑algorithmic tooling that can translate huge amounts of legacy C and C++ into Rust at industrial scale — and aim to “eliminate every line of C and C++ from Microsoft by...

Microsoft’s stated plan to remove “every line of C and C++” from its codebase by 2030 — and to do so by combining algorithmic source analysis with AI-driven translation into Rust — marks one of the most ambitious language-migration bets ever announced by a major platform company. The...

Microsoft’s public clarifications this week laid to rest the most sensational headlines: a LinkedIn hiring post from Distinguished Engineer Galen Hunt set off a firestorm by declaring a goal to “eliminate every line of C and C++ from Microsoft by 2030” and citing a provocative productivity north...

Microsoft engineering leadership has publicly framed an audacious, company-wide program to remove every line of C and C++ from Microsoft’s codebase by 2030 and replace it with Rust, driven by a purpose-built combination of algorithmic program analysis and AI agents that can rewrite and verify...

Microsoft’s software stack is on the move: in December 2025 a senior Microsoft engineer publicly framed an audacious plan to remove every line of C and C++ from Microsoft by 2030, using a hybrid of algorithmic program analysis, large‑scale AI agents, and hands‑on engineering to translate legacy...

Microsoft’s engineering gamble — to use AI to rewrite millions of lines of legacy C and C++ into Rust by 2030 — landed squarely in the spotlight this winter after a months‑long string of Windows 11 malfunctions and a formal Microsoft support advisory that traced the outages to XAML registration...

Microsoft Distinguished Engineer Galen Hunt has posted a provocative, highly publicized mandate: use a blend of algorithmic program analysis and AI agents to replace every line of C and C++ inside Microsoft with Rust by 2030, backed by a striking “North Star” productivity claim — “1 engineer, 1...

Microsoft’s latest engineering gambit is as audacious as it is literal: replace the company’s legacy C and C++ estate with Rust by 2030, using a blend of algorithmic tooling and AI to mass‑rewrite code at scale — a plan distilled into an evocative (if headline‑hungry) goal sometimes summarized...

Capstone, the widely used disassembly framework, contains a memory‑safety bug (CVE‑2025‑68114) in SStream_concat where an unchecked return from vsnprintf can drive the stream index negative or past its end — a flaw fixed upstream in a December 2025 commit but one that can produce stack buffer...

A small but important memory-allocation bug in the Linux kernel's ASoC SDCA driver has been assigned CVE-2025-68281 and corrected upstream; the flaw caused a mismatch between the declared type of a control's value array and the size allocated for it, which can trigger kernel crashes when the...

A new Linux-kernel patch closes a narrow but dangerous race in the in‑kernel SMB server (ksmbd) that could lead to a kernel use‑after‑free (UAF) in ipc_msg_send_request. The upstream fix changes how ksmbd validates and frees generic‑netlink reply buffers by taking the global ipc_msg_table_lock...