Good news! The race between good guys and bad guys to discover critical vulnerabilities in operating systems etc. with ML & AI is on!
"A security researcher used OpenAI’s o3 model to discover CVE-2025-37899, a dangerous vulnerability in the Linux kernel’s ksmbd server. The researcher provided o3 with approximately 12,000 lines of code from the SMB protocol implementation, using only the standard API without additional frameworks or tools. The vulnerability occurs when multiple connections share session objects, allowing one thread to free memory while another thread still accesses it, potentially enabling arbitrary code execution in kernel context. This marks the first publicly documented case of an LLM finding this type of complex vulnerability, showing that LLMs (while still finding many false positives) can meaningfully assist expert vulnerability researchers. ..."
No comments:
Post a Comment