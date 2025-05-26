Technology News
English Edition
  • Home
  • Ai
  • Ai News
  • OpenAI’s o3 Model Helps Researcher Uncover Zero Day Vulnerability in Linux Kernel’s SMB Stack

OpenAI’s o3 Model Helps Researcher Uncover Zero-Day Vulnerability in Linux Kernel’s SMB Stack

The vulnerability was discovered by researcher Sean Heelan using just OpenAI’s o3 API.

Written by Akash Dutta, Edited by Siddharth Suvarna | Updated: 26 May 2025 15:30 IST
OpenAI’s o3 Model Helps Researcher Uncover Zero-Day Vulnerability in Linux Kernel’s SMB Stack

Photo Credit: Unsplash/James Harrison

The researcher said the entire run to discover the flaw cost him $116 (roughly Rs. 9,865)

Highlights
  • The Linux kernel’s SMB vulnerability is labelled CVE-2025-37899
  • A use-after-free vulnerability existed in the Linux SMB ‘logoff’ command
  • The researcher also shared a fix for the flaw
Advertisement

OpenAI's o3 artificial intelligence (AI) model recently helped a cybersecurity researcher in uncovering a zero-day vulnerability in Linux. As per the researcher, the flaw was found in the Linux kernel's Server Message Block (SMB) implementation, also known as ksmbd. The previously unknown security flaw is said to be tricky to find since it involved multiple users or connections interacting with the system at the same time. This specific bug is now tracked as CVE-2025-37899, and a fix has already been released.

OpenAI's o3 Finds Zero-Day Vulnerability

Usage of AI models in finding zero-day or previously unknown (and likely unexploited) bugs is relatively rare, despite the increasing capabilities of the technology to potentially hunt them. Most researchers still prefer to uncover such security flaws using traditional code auditing, which can be a cumbersome way to analyse a large codebase. Researcher Sean Heelan detailed how OpenAI's o3 model assisted him in uncovering the flaw relatively easily in a blog post.

Interestingly, the major bug was not the focus for the researcher. Heelan was testing the AI's capability against a different bug (CVE-2025-37778), also described as the “Kerberos authentication vulnerability.” This bug also falls in the “use-after-free” category, which essentially means that a part of the system deletes something from memory, but other parts still try to use it afterwards. This can lead to crashes and security issues. The AI model was able to find the flaw in eight out of the 100 runs.

Once Heelan confirmed that o3 is capable of detecting a known security bug from a large chunk of code, he decided to use it to feed the AI model the entire file of the session setup command handler instead of just one function. This file, notably, contains around 12,000 lines of code and handles different types of requests. An analogy of this would be to give the AI a novel and to ask it to find a specific typo, only, this typo could potentially crash the computer.

After o3 was asked to run 100 simulations of this full file, it was only able to find the previously known bug once. Heelan acknowledges the drop in performance but highlights that the AI was still able to find the bug, which is a big feat. However, he found that in other runs, the OpenAI model spotted an entirely different bug, which was previously unknown, and the researcher missed it.

This new security flaw was also of the same nature, but it affected the SMB logoff command handler. This zero-day vulnerability also involved the system trying to access a file that was previously deleted, however, this bug triggered the issue when a user was logging out or ending a session.

As per o3's report, this bug could potentially crash the system or allow attackers to run code with deep system access, making it a major security concern. Heelan highlighted that o3 was able to understand a tricky bug in a real-world scenario, and explained the vulnerability clearly in its report.

Heelan added that o3 is not perfect and has a high signal-to-noise ratio (ratio between false positive to true positive). However, it found that the model behaves like a human when searching for bugs, unlike traditional security tools, which have a rigid way of functioning.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: OpenAI, AI, Artificial Intelligence, Cybersecurity, Linux
Akash Dutta
Akash Dutta
Akash Dutta is a Senior Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In his free time, he can be seen supporting his favourite football club - Chelsea, watching movies and anime, and sharing passionate opinions on food. More
OnePlus Buds 4 Design Teased Ahead of Anticipated Launch; Price, Key Features Leak Online
Vivo T4 Ultra Key Specifications Tipped: Said to Get MediaTek Dimensity 9300 Series SoC

Related Stories

OpenAI’s o3 Model Helps Researcher Uncover Zero-Day Vulnerability in Linux Kernel’s SMB Stack
Comment
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Mozilla's Pocket Shuts Down in July: Try These Four Pocket Alternatives
#Latest Stories
  1. Solana Partners Swiss Watchmaker Franck Muller to Launch Limited Edition Web3 Watch 
  2. Elon Musk’s Starlink to Launch in India With Plans Priced Under Rs. 850 Per Month: Report
  3. OpenAI’s o3 Model Helps Researcher Uncover Zero-Day Vulnerability in Linux Kernel’s SMB Stack
  4. OnePlus Buds 4 Design Teased Ahead of Anticipated Launch; Price, Key Features Leak Online
  5. FromSoftware Considering Adding Two-Player Mode to Elden Ring Nightreign After Launch
  6. Realme GT 7 and Realme GT 7T Price, Specifications Surface Online; May Offer IP69 Rating, 1.5K Display
  7. Vivo T4 Ultra Key Specifications Tipped: Said to Get MediaTek Dimensity 9300 Series SoC
  8. Reliance Jio Reportedly Seeks DoT Approval to Use 26GHz Band for Wi-Fi Services
  9. Google Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL Leak Hints at Possible Colour Options, Wallpapers
  10. Elon Musk Says He'll Resume Working '24/7' at His Companies, X Outage Mostly Restored
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »