Claude Code Found a Linux Vulnerability Hidden for 23 Years
7 hours ago
- #Linux Security
- #AI Vulnerability Detection
- #NFS Bug
- Claude Code discovered a 23-year-old heap buffer overflow vulnerability in Linux's NFS driver, enabling attackers to read kernel memory remotely.
- The AI used a simple script to scan Linux source files for vulnerabilities by pretending to participate in a cybersecurity competition.
- The specific NFS bug involves an attacker using two clients: one sets a 1024-byte owner ID, and the other triggers a denial response that overflows a 112-byte buffer.
- Nicholas Carlini reported hundreds of potential bugs found by Claude Code, with five vulnerabilities already fixed or reported, but manual validation limits reporting.
- The effectiveness of vulnerability detection has surged with newer AI models like Claude Opus 4.6, suggesting a future wave of discovered security issues.