DigiNews

Tech Watch by Johan Denoyer

← Back to articles

Claude Code Found a Linux Vulnerability Hidden for 23 Years

Quality: 8/10 Relevance: 9/10

Summary

The article reports that Nicholas Carlini used Claude Code to uncover multiple remotely exploitable vulnerabilities in the Linux kernel, including a vulnerability in the NFS driver that had gone undiscovered for 23 years. It explains how a simple prompt directed Claude Code to examine the kernel source, and details the NFS attack steps where two cooperating clients manipulate locks to cause a buffer overrun in a 112-byte server buffer, enabling memory writes with attacker-controlled data. It notes that Claude Code found hundreds more potential bugs, but human review is needed to triage and report them; Nicholas has found five Linux vulnerabilities through this process, and Anthropic’s Claude Opus 4.6 outperformed older models. The piece suggests a wave of security bugs to come as AI-based bug hunting improves, while warning that AI findings require careful validation before disclosure.

🚀 Service construit par Johan Denoyer