Kernel vulnerability caught by AI

3nd · May 23, 2025, 8:44am

Bink · May 23, 2025, 9:04am

The flip side to this coin that the article doesn’t really touch on, is the malicious actor, potentially state level, leveraging “AI” tools to find 0-day vulnerabilities

SemLraug · May 23, 2025, 7:10pm

I don’t understand the technicalities of the find, but it does seem quite impressive that any LLM should be able to do this kind of analysis.

Schlaefer · May 23, 2025, 7:16pm

After years of people using AI filing bogus bug reports everywhere I’m not sure what this points to: AI getting better or hitting one by chance.

3nd · May 23, 2025, 8:19pm

lemme put it another way … AI isn’t going anywhere , and it’s getting smarter.
let that sink in

anon83880781 · May 23, 2025, 8:26pm

drunkenvicar · May 23, 2025, 9:51pm

I’ve seen no evidence of this when it comes to writing. The art it creates is also very obvious. Maybe other things. I know it’s coming.

keithy · May 23, 2025, 10:03pm

This is worth watching. Scary stuff! Sorry its probably UK only. But not difficult to find ‘elsewhere’

BluishHumility · May 24, 2025, 4:10pm

Given enough time, a monkey hitting a typewriter at random will almost surely reproduce the complete works of William Shakespeare.

To put it mildly, the notion that AI is “getting smarter” is debatable.

What is less debatable is the fact that the pace of AI’s development continues to fall far short of what the marketing and hype have been promising. Let that sink in.

MyNameIsRichard · May 24, 2025, 4:11pm

The Internet has proved that wrong.

lew · May 29, 2025, 11:27am

According to the article there is a use after free (UAF) , but the code shown immediately nulls the pointer.

According to all discussions I could find of this problem, nulling a pointer after the memory is freed is the proper way to deal with UAF. (Though apparently there also ‘smart pointers’ which are also billed as a solution.)[1,2,3]

I guess the problem here is that the pointer could be dereferenced after the call to free but before it is nulled?
I that case what mitigations can be applied? Unless there is some way to make free+null atomic it seems there is no simple fix and the code just needs to be rewritten so that sess->user is recycled in this way.

Can anyone with knowledge of C++ weigh in?

[1] https://cwe.mitre.org/data/definitions/416.html
[2] https://learn.snyk.io/lesson/use-after-free/
[3] https://expl0it32.medium.com/demystifying-use-after-free-vulnerabilities-a-deep-dive-into-memory-safety-issues-78ee7f8d44c2