Claude Code Found a Linux Vulnerability Hidden for 23 Years

Nicholas Carlini, a research scientist at Anthropic, used Claude Code to discover multiple critical security vulnerabilities in the Linux kernel, including a heap buffer overflow that remained undetected for 23 years.

Nicholas Carlini, a research scientist at Anthropic, reported at the [un]prompted AI security conference that he used Claude Code to find multiple remotely exploitable security vulnerabilities in the Linux kernel, including one that sat undiscovered for 23 years. Nicholas was astonished at how effective Claude Code has been at finding these bugs, noting that while finding such vulnerabilities is traditionally extremely difficult, AI models have made it significantly easier. The most surprising aspect was the minimal oversight required; Carlini used a simple script to prompt Claude to find vulnerabilities in each file of the source tree. One specific bug found was in the NFS driver, where a buffer overflow occurred because the kernel used a 112-byte buffer for a response that could reach 1056 bytes. This bug dated back to 2003, predating the creation of Git. Carlini has identified hundreds of potential bugs, but the manual validation process remains a bottleneck. He predicts a massive wave of security discoveries as researchers and attackers leverage these powerful AI models.

Source: Hacker News

More in this category

dev-tools

Treating pancreatic tumours may have revealed cancer's master switch

A promising new drug called daraxonrasib has shown breakthrough results in treating pancreatic cancer, doubling median survival times. This achievement could pave the way for an entirely new class of cancer treatments.

dev-tools

Leaving Mozilla

A poignant and candid reflection from a 15-year Mozilla veteran upon their departure. The author highlights the leadership's missteps in trying to emulate tech giants and urges Mozilla to return to its core values: community and uniqueness.

dev-tools

Shepherd's Dog: A Game by the Most Dangerous AI Model

A developer tested Anthropic's latest, supposedly 'too dangerous' AI model by asking it to build a long-held game idea in a single shot. The model succeeded, generating a complete 2,319-line game after a 45-minute reasoning session.

dev-tools

Open source AI must win

If artificial intelligence becomes a utility rented only from a few closed institutions, humanity loses its operational freedom. Open-source AI is a vital infrastructure for the future of our digital society.

dev-tools

Statement on US government directive to suspend access to Fable 5 and Mythos 5

The US government has issued an export control directive forcing Anthropic to suspend all access to its Fable 5 and Mythos 5 models due to national security concerns, a move the AI safety startup strongly disputes.

dev-tools

Electric motors with no rare earths

Renault Group is pioneering the development of electrically excited synchronous motors (EESM) that eliminate the need for rare earth magnets, reducing dependency on global monopolies while driving efficiency and sustainability.

EXPLORE TOPICS