Key Takeaways
Linux Just Made Rust Permanent in the Kernel – The Biggest Shift in Linux History

- Greg Kroah-Hartman estimates 80% of Linux kernel CVEs would be prevented by Rust's memory safety
- Some Linux subsystems will only accept Rust code going forward
- The kernel sees about 13 CVEs daily, most from simple C memory mistakes
Greg Kroah-Hartman, the Linux stable kernel maintainer, declared at Open Source Summit India 2026 that "the Rust experiment is over. It's real." Speaking in Mumbai, he made a claim that should get the attention of anyone running Linux infrastructure: 80% of kernel security vulnerabilities would simply not exist if the code had been written in Rust instead of C.
That's not a throwaway number. Kroah-Hartman oversees the kernel CVE process and has reviewed every vulnerability filed against Linux for 25 years. The kernel currently logs about 13 CVEs per day, and he argues most stem from "small, trivial, little bugs" that Rust's compiler catches automatically.
Why a C veteran became a Rust convert
Kroah-Hartman didn't start as a Rust enthusiast. When a friend first pitched him on the language, his response was blunt: "What? No, C is great." The friend persisted, telling him Rust makes programming fun again. Kroah-Hartman dismissed the idea.
He now admits he was wrong. "I should have done it then," he said. "Rust is actually fun. It takes a lot of stuff away from having to worry about the compiler, which can fix a lot of your problems for you, and it makes code a little bit better."
The technical case centers on Rust's ownership and type system. These features eliminate entire categories of bugs that plague C code: unchecked pointers, forgotten unlocks, sloppy cleanup paths. These aren't exotic attack vectors. They're the mundane mistakes that consume maintainer time and create security holes.
The reviewer bottleneck drives the decision
Linux has over 5,000 developers submitting code. Only about 150 core maintainers review the majority of it. This ratio shapes everything.
"We optimize for reviewers. We don't optimize for developers because we have a lot of developers," Kroah-Hartman explained. Rust shifts the burden. When the compiler enforces locking and lifetime rules at build time, reviewers can focus on logic instead of hunting for memory bugs. "If it builds as a reviewer, I know it's OK. I can look at the logic."
Rust already improved the C code
An unexpected benefit: making Rust bindings safe forced maintainers to revisit C APIs that had been unchanged for years. They added guard and scoped-allocation mechanisms that mirror Rust's automatic cleanup patterns.
"We have the guards, the scoped reference counting, to C because Rust showed us we could," Kroah-Hartman said. "We added a lot more memory safety stuff to the kernel and other APIs because we realized Rust showed us we could do that, and we made the C code more reliable and better."
His conclusion was pointed: "If Rust were to disappear tomorrow, the kernel's better off for it."
What this means for new kernel development
Kroah-Hartman confirmed that some Linux subsystems will only accept Rust code going forward. This is a significant policy shift. C won't vanish from the kernel anytime soon. The existing codebase is massive, battle-tested, and rewriting it would be impractical. But the direction is clear: new work in key subsystems will default to Rust.
He's careful not to oversell. Rust won't fix logic bugs. "Rust will still crash just fine. You can do really foolish things in Rust," he acknowledged. The remaining 20% of vulnerabilities that Rust can't prevent are the ones he actually wants maintainers spending time on.
The broader industry shift
Linux isn't alone. Git is moving toward Rust. The pattern appears across infrastructure software where reliability and security justify the investment in a new language. Major technology companies report that 70% of their security vulnerabilities in large codebases stem from memory safety issues, exactly the class of bugs Rust prevents at compile time.
For CTOs and engineering leads running Linux-based infrastructure, this shift matters beyond kernel internals. It signals where the talent pool is heading, which skills will be in demand, and how foundational software will evolve over the next decade.
Logicity's Take
The 80% figure is Kroah-Hartman's estimate, not a controlled study. But his vantage point is unique. He's seen every kernel CVE for 25 years. Even if the real number is 60% or 50%, the implication is the same: memory-safe languages will become table stakes for security-critical infrastructure. Organizations evaluating their own codebases should watch how the kernel community manages the C-to-Rust transition, particularly the tooling, the training, and the review processes. This will be the playbook everyone else follows.
Frequently Asked Questions
Will the Linux kernel be completely rewritten in Rust?
No. Kroah-Hartman made clear that the existing C codebase won't be rewritten. The shift applies to new development in certain subsystems, not wholesale replacement.
What percentage of kernel CVEs could Rust prevent?
Kroah-Hartman estimates 80%, based on his review of kernel vulnerabilities over 25 years. These are primarily memory safety bugs that Rust's compiler catches automatically.
When did Rust first enter the Linux kernel?
Rust infrastructure support was first merged in Linux 6.1, released in December 2022. Kroah-Hartman now considers it a permanent part of the kernel.
Does Rust eliminate all security bugs?
No. Rust prevents memory safety bugs but not logic errors. Kroah-Hartman noted that "Rust will still crash just fine" if the underlying logic is flawed.
Why does the kernel optimize for reviewers over developers?
Linux has over 5,000 developers but only about 150 core maintainers who review most code. Rust's compile-time safety checks reduce reviewer workload on routine memory bugs.
Infrastructure and developer tooling are attracting significant funding as language and security shifts reshape the industry
Need Help Implementing This?
If you're evaluating Rust for your infrastructure or security-critical systems, Logicity can connect you with consultants experienced in language migration and kernel-level development. Contact us at hello@logicity.in.
Source: Latest news
Huma Shazia
Senior AI & Tech Writer
Produced with AI assistance and reviewed by the Logicity editorial team. Learn more in our Editorial Policy.
Related Articles
More in Trending Tech
AI Revolution: How Tech is Transforming the World, One Industry at a Time
From desalination plants in Iran to AI-powered manufacturing, the tech world is abuzz with innovation. Discover how AI is changing the game for small entrepreneurs and what it means for the future of industry. Explore the latest developments in cybersecurity, robotics, and more.

Revolutionizing AI: The Game-Changing Tech That's Making Agents Smarter
A new technology is set to revolutionize the way AI agents learn and adapt, enabling them to accumulate wisdom and apply it to new situations. This innovation has the potential to significantly boost the reliability of AI agents, especially in complex tasks. By converting raw agent trajectories into reusable guidelines, this tech is poised to transform the AI landscape.

The Dark Side of AI: How Bots Are Fueling a Monetized Abuse Ecosystem
A recent analysis of 2.8 million Telegram messages reveals a shocking truth: AI-powered bots are being used to create and sell non-consensual intimate images. These bots can turn ordinary photos into synthetic nude images, and the abuse is being monetized through affiliate programs and subscription-based archives. The researchers behind the study are calling for stricter regulations to combat this growing problem.

AI's Secret Sauce: How Journalism Became the Unlikely Ingredient
A recent study reveals that AI chatbots rely heavily on journalistic sources for their quotes, with one in four coming from news outlets. This shocking discovery has significant implications for the media industry and our understanding of AI's information gathering processes. As AI technology continues to evolve, it's essential to consider the role of journalism in shaping its responses.

