An AI Audit of FreeBSD
- #FreeBSD kernel bugs
- #open-source maintenance
- #AI-assisted security audit
- Reported 15 kernel bugs in FreeBSD, including 3 remote code executions (RCEs), 5 local privilege escalations (LPEs), and 1 bhyve escape.
- AI-assisted audit aimed to make bug-finding more expensive and help the FreeBSD team independently find and prevent bugs long-term.
- Collaboration emphasized sending only high/critical bugs, keeping reports concise, suggesting patches optionally, and building direct communication channels.
- Published exploits and writeups for three LPEs (setcred, ptrace, procdesc) as historical AI artifacts, with verified working exploits.
- Highlighted the critical role of volunteer maintainers in open-source projects and ongoing efforts to assist other internet-critical projects.