Researchers discovered a remote zero-day vulnerability in the Linux kernel using the OpenAI o3 model.
A security researcher recently published a report describing how OpenAI's latest large language model, o3, unexpectedly found a remote zero-day vulnerability (CVE-2025-37899) while being used to analyze ksmbd, the SMB protocol implementation in the Linux kernel. The vulnerability is in the processing logic of the SMB "logoff" command and is a typical use-after-free. Attackers can exploit it to trigger kernel memory corruption and even execute arbitrary code remotely.
According to the report, the researcher initially planned to benchmark o3 against a known vulnerability, CVE-2025-37778 (a use-after-free in the Kerberos authentication path). Given approximately 3.3k lines of relevant source code, o3 correctly identified the vulnerability in 8% of the runs, better than Claude Sonnet 3.7's 3% hit rate.
When the test scope was expanded to include all SMB command processing functions (about 12k lines of code), o3's hit rate on the known vulnerability decreased, but it unexpectedly found a new, previously undisclosed vulnerability, CVE-2025-37899. The cause is that when SMB requests are handled concurrently by multiple threads, freeing and using the sess->user pointer are not properly synchronized, so a dangling pointer can be accessed.
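The race described above, as an added example that is not from the report or from ksmbd: a simplified user-space C model in which a logoff path and a request path share a user pointer, with one common way to keep that pattern safe (unpublish the pointer under a lock, free only on the last reference). All struct and function names are hypothetical, and this is not the kernel's actual fix.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
/* Constructed user-space model; every name here is hypothetical. */
struct user { int refs; char name[16]; };
struct session { pthread_mutex_t lock; struct user *user; int freed; };

struct session *session_new(const char *name) {
    struct session *s = calloc(1, sizeof(*s));
    struct user *u = calloc(1, sizeof(*u));
    if (!s || !u) { free(s); free(u); return NULL; }
    pthread_mutex_init(&s->lock, NULL);
    strncpy(u->name, name, sizeof(u->name) - 1);
    u->refs = 1; s->user = u;        /* the session holds the first reference */
    return s;
}

/* Request path: take a counted reference under the session lock. */
struct user *session_get_user(struct session *s) {
    pthread_mutex_lock(&s->lock);
    struct user *u = s->user;
    if (u) u->refs++;
    pthread_mutex_unlock(&s->lock);
    return u;                        /* NULL once logoff has run */
}

void user_put(struct session *s, struct user *u) {
    pthread_mutex_lock(&s->lock);
    int last = (--u->refs == 0);
    if (last) s->freed = 1;          /* recorded so the outcome can be checked */
    pthread_mutex_unlock(&s->lock);
    if (last) free(u);               /* only the last holder frees the object */
}

/* Logoff path: unpublish the pointer first, then drop the session's reference. */
void session_logoff(struct session *s) {
    pthread_mutex_lock(&s->lock);
    struct user *u = s->user;
    s->user = NULL;
    pthread_mutex_unlock(&s->lock);
    if (u) user_put(s, u);
}

int main(void) {   /* logoff lands while a request still holds the user */
    struct session *s = session_new("alice");   /* constructed sample value */
    struct user *u = s ? session_get_user(s) : NULL;
    if (u) { session_logoff(s); user_put(s, u); }
    return (s && s->freed) ? 0 : 1;
}
```

Without the counted reference, the logoff path would free the object while the request path still held a raw pointer to it, which is the dangling-pointer condition the paragraph describes.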
This research is considered the first publicly reported case of a kernel-level remote vulnerability being discovered with a large language model, and it demonstrates o3's significant progress in code logic reasoning and security auditing. The researchers pointed out that although the model still produces false positives and false negatives, it already has the potential to help expert-level researchers find vulnerabilities more efficiently.
Sean Heelan's Blog | X
via Tech Circle🎗 Zaihua Channel📮 - Telegram Channel