Hacker News
Claude Code Discovers 23-Year-Old Linux Kernel Heap Buffer Overflow in NFSv4 — 396 Points, 246 Comments
Nicholas Carlini at Anthropic used Claude Code to systematically audit Linux kernel source files and discovered a heap buffer overflow in the NFSv4.0 LOCK replay cache, introduced in March 2003. The exploit uses two coordinated NFS clients to overflow a 112-byte buffer with up to 1,056 bytes of attacker-controlled data, enabling kernel memory overwrites. Five total vulnerabilities have been attributed to this research so far, with Carlini noting that older Claude models found only a fraction of what Opus 4.6 discovered — suggesting an 'enormous wave of security bugs' is coming.
Source
↳ Follow the thread