{"id":36542,"date":"2025-05-31T11:31:22","date_gmt":"2025-05-31T03:31:22","guid":{"rendered":"https:\/\/www.1ai.net\/?p=36542"},"modified":"2025-05-31T11:31:22","modified_gmt":"2025-05-31T03:31:22","slug":"openai-o3-ai-%e6%8e%a8%e7%90%86%e6%a8%a1%e5%9e%8b%e6%88%90%e5%85%b3%e9%94%ae%e4%be%a6%e6%8e%a2%ef%bc%8c%e5%8f%91%e7%8e%b0-linux-%e5%86%85%e6%a0%b8%e9%ab%98%e5%8d%b1%e6%bc%8f%e6%b4%9e","status":"publish","type":"post","link":"https:\/\/www.1ai.net\/en\/36542.html","title":{"rendered":"OpenAI o3 AI Inference Model Becomes Key \"Detective\" in Discovering High-Risk Vulnerabilities in the Linux Kernel"},"content":{"rendered":"<p>Security expert Sean Heelan published a blog post on May 22, reporting that in the <a href=\"https:\/\/www.1ai.net\/en\/tag\/openai\" title=\"[View articles tagged with [OpenAI]]\" target=\"_blank\" >OpenAI<\/a> with the help of the o3 inference model of the<strong>He managed to discover <a href=\"https:\/\/www.1ai.net\/en\/tag\/linux\" title=\"[See articles with [Linux] labels]\" target=\"_blank\" >Linux<\/a> Kernel Major Zero Day<a href=\"https:\/\/www.1ai.net\/en\/tag\/%e6%bc%8f%e6%b4%9e\" title=\"_Other Organiser\" target=\"_blank\" >loophole<\/a>, tracking number CVE-2025-37899.<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-36543\" title=\"95c00738j00sx3wfc00btd000sg00g0p\" src=\"https:\/\/www.1ai.net\/wp-content\/uploads\/2025\/05\/95c00738j00sx3wfc00btd000sg00g0p.jpg\" alt=\"95c00738j00sx3wfc00btd000sg00g0p\" width=\"1024\" height=\"576\" \/><\/p>\n<p>Heelan said he initially intended to test OpenAI's o3 inference model through a code audit, but accidentally discovered that the AI could autonomously identify a complex \"use-after-free\" vulnerability in the Linux kernel's implementation of the SMB protocol, with the tracking number CVE-2025- 37899. 37899.<\/p>\n<p>Note: \"use-after-free\" is a memory corruption problem caused by improper thread synchronization, which can lead to kernel memory corruption or even arbitrary code execution.<\/p>\n<p>Heelan disclosed that the vulnerability occurs during the processing of the SMB \"logoff\" command, where one thread releases an object while another thread is still accessing it, without proper synchronization, resulting in a \"use-after-free\" issue. The lack of proper synchronization led to the \"use-after-free\" issue.<\/p>\n<p>Heelan also compared another known vulnerability, CVE-2025-37778 (Kerberos Authentication Vulnerability), and found that o3 far outperforms models such as Claude Sonnet 3.7 when analyzing about 3,300 lines of code, with up to a three-fold increase in detection rate success.<\/p>\n<p>After further testing and scaling the code to about 12,000 lines, o3 still managed to locate the Kerberos vulnerability and discovered a new \"logoff\" vulnerability.<\/p>\n<p>Once the vulnerability was discovered, Heelan immediately reported it, the upstream team responded quickly, and the patch has been merged into all kernel branches that are still being maintained. The vulnerability has now been fixed in the kernel source code and users can simply pull the update from the distribution.<\/p>","protected":false},"excerpt":{"rendered":"<p>Security expert Sean Heelan published a blog post on May 22, reporting that he successfully discovered a major zero-day vulnerability in the Linux kernel with the help of OpenAI's o3 inference model, tracked as CVE-2025-37899. Heelan said that he initially intended to test OpenAI's o3 inference model through a code audit, but instead discovered that the AI was capable of Heelan stated that he initially intended to test OpenAI's o3 inference model through code auditing, but instead discovered that AI could autonomously recognize a complex \"use-after-free\" vulnerability in the Linux kernel's SMB protocol implementation, tracked as CVE-2025-37899. Note: \"use-after-free\" is a type of vulnerability that occurs due to a threading error. Note: \"use-after-free\" is a type of memory corruption caused by improper thread synchronization.<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[146],"tags":[6799,190,2994],"collection":[],"class_list":["post-36542","post","type-post","status-publish","format-standard","hentry","category-news","tag-linux","tag-openai","tag-2994"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts\/36542","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/comments?post=36542"}],"version-history":[{"count":0,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts\/36542\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/media?parent=36542"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/categories?post=36542"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/tags?post=36542"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/collection?post=36542"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}