OpenAI’s o3 Model Aids Discovery of Critical Zero-Day Flaw in Linux Kernel SMB Stack

/in /tarafından

A cybersecurity researcher recently leveraged OpenAI’s o3 artificial intelligence (AI) model to uncover a critical zero-day vulnerability in the Linux kernel’s Server Message Block (SMB) implementation, known as ksmbd. This previously unknown security flaw, now tracked as CVE-2025-37899, involved complex interactions between multiple users or connections, making it particularly difficult to detect through traditional methods. Fortunately, a patch addressing the vulnerability has already been released to protect affected systems.

The discovery marks a significant milestone in the use of AI for cybersecurity, as such models are seldom used to find zero-day bugs—security flaws that are unknown and potentially unexploited before detection. While manual code audits remain the predominant approach for finding vulnerabilities, they can be painstaking and time-consuming when dealing with massive codebases. Researcher Sean Heelan explained in a detailed blog post how the o3 model accelerated the identification process, demonstrating AI’s emerging role as a powerful aid in vulnerability research.

Interestingly, Heelan initially employed the AI to examine a different security issue, CVE-2025-37778, a Kerberos authentication vulnerability categorized as a “use-after-free” bug. This type of flaw occurs when a system frees a block of memory but subsequent processes continue to reference it, potentially causing crashes or exploitable conditions. While testing the AI on this bug, the model unexpectedly flagged the SMB flaw in about eight out of 100 runs, underscoring the AI’s potential to uncover hidden vulnerabilities beyond its primary task.

This breakthrough with OpenAI’s o3 model highlights the growing synergy between artificial intelligence and cybersecurity research. As AI tools become more sophisticated, they offer promising avenues for automating complex code analysis and enhancing the detection of elusive security threats. The Linux SMB vulnerability case exemplifies how AI can augment human expertise, making systems safer in an era of increasingly sophisticated cyberattacks.

Beğenebilecekleriniz:
Apple AI executive Ke Yang departs for Meta amid intensifying talent war
Dell Reveals Unified Branding and New AI Pro Studio at CES 2025, Launches 3-Category Product Lineup
Oppo Reno 11 Series to Receive Innovative Generative AI Features; AI Center Unveiled
OpenAI Set to Test ChatGPT Integrations for Slack and Google Drive
CDW Beats Q1 Estimates as Healthcare and Education Drive Hardware, Software Demand
Oracle Integrates AI Pricing Features into Financial Software
Microsoft’s Xbox Division Sees 61% Growth Driven by Activision-Blizzard Acquisition
Chameleon AI Model Introduced to Add Digital Mask for Protecting Images from Facial Recognition