Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      15 Proven Benefits of Outsourcing Node.js Development for Large Organizations

      July 9, 2025

      10 Reasons to Choose Full-Stack Techies for Your Next React.js Development Project

      July 9, 2025

      Anthropic proposes transparency framework for frontier AI development

      July 8, 2025

      Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

      July 8, 2025

      Microsoft sees its carbon emissions soar on a 168% glut in AI energy demand, “we recognize that we must also bring more carbon-free electricity onto the grids.”

      July 9, 2025

      You can get a Snapdragon X-powered laptop for under $500 right now — a low I didn’t think we’d see this Prime Day week

      July 9, 2025

      Sam Altman admits current computers were designed for an AI-free world — but OpenAI’s new type of computer will make the AI revolution “transcendentally good”

      July 9, 2025

      It doesn’t matter how many laptops I review or how great the deals are — this is the one I keep coming back to over and over again

      July 9, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      Leading Experts in Meme Coin Development – Beleaf Technologies

      July 9, 2025
      Recent

      Leading Experts in Meme Coin Development – Beleaf Technologies

      July 9, 2025

      Redefining Quality Engineering – Tricentis India Partner Event

      July 9, 2025

      Enhancing JSON Responses with Laravel Model Appends

      July 9, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured

      Microsoft sees its carbon emissions soar on a 168% glut in AI energy demand, “we recognize that we must also bring more carbon-free electricity onto the grids.”

      July 9, 2025
      Recent

      Microsoft sees its carbon emissions soar on a 168% glut in AI energy demand, “we recognize that we must also bring more carbon-free electricity onto the grids.”

      July 9, 2025

      You can get a Snapdragon X-powered laptop for under $500 right now — a low I didn’t think we’d see this Prime Day week

      July 9, 2025

      Sam Altman admits current computers were designed for an AI-free world — but OpenAI’s new type of computer will make the AI revolution “transcendentally good”

      July 9, 2025
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Development»AI Finds What Humans Missed: OpenAI’s o3 Spots Linux Zero-Day

    AI Finds What Humans Missed: OpenAI’s o3 Spots Linux Zero-Day

    May 23, 2025

    CVE-2025-37899

    A zero-day vulnerability in the Linux kernel’s SMB (Server Message Block) implementation, identified as CVE-2025-37899, has been discovered using OpenAI’s powerful language model, o3. The vulnerability is a use-after-free flaw located in the logoff command handler of the ksmbd kernel module. 

    Security researcher Sean H. documented the process in a detailed technical blog. He had initially set out to audit ksmbd, a Linux kernel module responsible for implementing the SMB3 protocol. While intending to take a break from large language model (LLM) tools, curiosity led him to benchmark the capabilities of o3, a new AI model from OpenAI. 

    Rather than using complex frameworks or automation tools, Sean leveraged only the o3 API to analyze targeted code sections. During this process, o3 successfully unearthed CVE-2025-37899, a zero-day vulnerability in the Linux kernel. The model identified a scenario where shared objects between concurrent server connections led to unsafe memory access—specifically, a use-after-free situation in the SMB ‘logoff’ command handler. 

    Technical Breakdown of CVE-2025-37899 

    The issue arises when one thread processes an SMB2 LOGOFF request and frees the sess->user object while another thread may still be using it. This occurs without proper synchronization mechanisms, which can lead to dereferencing of freed memory, opening doors to kernel memory corruption or arbitrary code execution. 

    The vulnerability exploits a subtle interaction between SMB session handling and Linux kernel memory management:

    1. Multiple connections may bind to the same SMB session. 
    2. One thread (Worker-B) handling a LOGOFF request frees the session’s user object (ksmbd_free_user(sess->user)). 
    3. Another thread (Worker-A), still processing requests using the same session, continues accessing sess->user, now pointing to freed memory.

    Depending on timing, this results in a traditional use-after-free exploit or a null pointer dereference, leading to system crashes or privilege escalation. 

    Comparative Performance: o3 vs. Other Models 

    Interestingly, o3 also rediscovered CVE-2025-37778, another use-after-free vulnerability that Sean had previously identified manually. This bug resides in the Kerberos authentication path during SMB session setup. The AI detected this bug in 8 out of 100 runs, while OpenAI’s Claude Sonnet 3.7 managed only 3 detections in 100 tries, and Claude 3.5 failed to detect it altogether.

    These results reflect both the promise and current limitations of AI-assisted vulnerability research. o3 showed notable capability but also returned a high false positive rate—about 28 out of 100 attempts. Still, with a true positive to false positive ratio of around 1:4.5, the model proved useful enough to warrant serious consideration in practical workflows. 

    Lessons from o3’s Analysis 

    One of the most insightful takeaways from o3’s analysis of CVE-2025-37899 was its understanding of concurrency in kernel operations. The model successfully reasoned through non-trivial control flow paths and object lifecycle management under concurrent execution—something even experienced researchers may overlook, especially under time pressure.

    What’s more compelling is that o3 sometimes offered better remediation advice than its human counterpart. For example, in addressing CVE-2025-37778, Sean had initially suggested setting sess->user = NULL after freeing it. However, o3 identified that such a fix might be insufficient due to the SMB protocol allowing multiple connections to bind to a session.

    Conclusion  

    Large language models are not yet a replacement for expert analysts. o3’s success in identifying complex flaws highlights its ability to augment human expertise, streamline analysis, and extend the reach of automated security tools. Though the experiment revealed limitations in processing large codebases, it also highlighted the model’s effectiveness in targeted scans and the importance of developing tools to manage false positives and intelligently structure input.

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous ArticleU.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
    Next Article International Operation Targets Qakbot Hacker, $24M in Crypto Seized

    Related Posts

    Artificial Intelligence

    Introducing Gemma 3

    July 9, 2025
    Artificial Intelligence

    Experiment with Gemini 2.0 Flash native image generation

    July 9, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    CVE-2025-34025 – Versa Concerto Privilege Escalation and Container Escape Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    Why SMS two-factor authentication codes aren’t safe and what to use instead

    News & Updates

    Flaws in Weidmueller IE-SR-2TX Routers Allow Remote Root Access!

    Security

    CVE-2025-5376 – SourceCodester Health Center Patient Record Management System SQL Injection

    Common Vulnerabilities and Exposures (CVEs)

    Highlights

    CVE-2025-6777 – Food Distributor Site SQL Injection Vulnerability

    June 27, 2025

    CVE ID : CVE-2025-6777

    Published : June 27, 2025, 9:15 p.m. | 1 hour, 2 minutes ago

    Description : A vulnerability, which was classified as critical, has been found in code-projects Food Distributor Site 1.0. This issue affects some unknown processing of the file /admin/process_login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

    Severity: 7.3 | HIGH

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    CVE-2025-3636 – Moodle RSS Feed Access Vulnerability

    April 25, 2025

    The Outer Worlds 2: Xbox Game Pass, gameplay, and everything you need to know

    April 17, 2025

    CVE-2025-6129 – TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow

    June 16, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.