
OpenAI’s O3 model has uncovered a critical flaw in the Linux kernel's implementation of the SMB protocol, demonstrating the role AI can play in identifying security risks that traditional methods might miss.
The discovery of CVE-2025-37899, a zero-day vulnerability in the Linux kernel's implementation of the Server Message Block (SMB) protocol, highlights the growing capabilities of Large Language Models (LLMs) in cybersecurity. This article delves into how OpenAI’s O3 model was used to identify this critical flaw, underscoring its potential impact and implications for vulnerability research.
The Linux kernel is a cornerstone of modern computing infrastructure, powering everything from servers to embedded systems. A zero-day vulnerability in the SMB implementation (ksmbd) can have severe consequences, potentially allowing remote attackers to execute arbitrary code or cause denial-of-service conditions. The discovery of CVE-2025-37899 by Sean Heelan using OpenAI’s O3 model demonstrates a significant leap in AI's ability to reason about complex code and identify security flaws.
The identification of CVE-2025-37899 by an LLM marks a pivotal moment in the field of cybersecurity. Here are some key takeaways:
To understand the capabilities of O3, Sean Heelan benchmarked it using another vulnerability he had previously identified manually: CVE-2025-37778. This vulnerability, referred to as the "Kerberos authentication vulnerability," is a use-after-free issue that occurs during the Kerberos authentication path when handling a "session setup" request from a remote client.

The root cause of CVE-2025-37778 can be summarized as follows:

    static int smb2_session_setup_auth_kerberos(struct ksmbd_work *work)
    {
        struct smb2_sess_setup_req *req = work->request_buf;
        struct smb2_sess_setup_rsp *rsp = work->response_buf;
        struct ksmbd_conn *conn = work->conn;
        struct ksmbd_session *sess;
        int rc;

        /* ... */
        sess = ksmbd_smb2_create_session(conn, req);
        if (IS_ERR(sess)) {
            return PTR_ERR(sess);
        }

        rc = smb2_kerberos_authenticate(sess, req, rsp);
        if (rc) {
            ksmbd_free_session(sess); // Potential use-after-free
            return rc;
        }
        /* ... */
    }

In this code snippet, the ksmbd_smb2_create_session function creates a session object, which is then used in the smb2_kerberos_authenticate function. If authentication fails, the session is freed using ksmbd_free_session, but if the session is still referenced elsewhere, it can lead to a use-after-free condition.
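
The pattern described above, as an added example that is not part of the original article or the ksmbd source: a single-threaded userspace model in which every name is hypothetical, showing the free-on-failure path beside a reference-counted one. It assumes one other request handler has already looked the session up when authentication fails.

```c
#include <stddef.h>

/* Hypothetical userspace model; these names are not ksmbd's. A plain int
 * stands in for an atomic refcount, and "freeing" sets a flag so the stale
 * state can be inspected without undefined behaviour. */
struct session { int refs; int freed; };
struct conn { struct session *sess; };   /* the reference held "elsewhere" */

static void session_release(struct session *s) { s->freed = 1; }
static void session_put(struct session *s) { if (--s->refs == 0) session_release(s); }

static void session_create(struct conn *c, struct session *slot)
{
    slot->refs = 1;          /* reference owned by the connection */
    slot->freed = 0;
    c->sess = slot;          /* published: other handlers can reach it */
}

/* Lookup used by any other request handler on the same connection. */
static struct session *session_get(struct conn *c)
{
    if (c->sess == NULL)
        return NULL;
    c->sess->refs++;
    return c->sess;
}

/* The snippet's error path: free at once, pointer left in the connection. */
static void auth_fail_vulnerable(struct conn *c) { session_release(c->sess); }

/* Hardened: unpublish first, then drop only the connection's reference. */
static void auth_fail_hardened(struct conn *c)
{
    struct session *s = c->sess;
    c->sess = NULL;
    session_put(s);
}

/* Bit 0: the connection keeps a freed session. Bit 1: a handler that looked
 * the session up before the failure is left holding a freed session. */
static int stale_refs_after_failure(int hardened)
{
    struct session slot;
    struct conn c;
    session_create(&c, &slot);
    struct session *held = session_get(&c);
    if (hardened) auth_fail_hardened(&c); else auth_fail_vulnerable(&c);
    return (c.sess != NULL && c.sess->freed) | (held->freed << 1);
}
```

In the hardened path the object is released only when the last holder calls session_put, and later lookups on the connection return NULL instead of a stale pointer.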
While benchmarking O3 with CVE-2025-37778, Heelan discovered CVE-2025-37899. This zero-day vulnerability is also a use-after-free issue, but it occurs in the handler for the
About the author
Marcus began tracking AI's market implications in 2016, noticing AI-related patent filings accelerating ahead of earnings upgrades before most of the sell-side had caught on. A former fixed-income quantitative analyst, he spent two decades building models that priced risk across emerging markets before pivoting to cover the economic impact of AI full-time. His writing translates opaque technical developments into clear risk/reward terms — and he's rarely diplomatic about the gap between AI valuations and underlying fundamentals. He believes most market participants still underestimate AI's long-run deflationary effect on knowledge work.
23 May 2025