New Vulnerability on Kernel

Linux Kernel Zero-Day SMB Vulnerability Discovered via ChatGPT

A security researcher has discovered a zero-day vulnerability (CVE-2025-37899) in the Linux kernel’s SMB server implementation using OpenAI’s o3 language model.

The vulnerability, a use-after-free bug in the SMB ‘logoff’ command handler, could potentially allow remote attackers to execute arbitrary code with kernel privileges. 

This discovery marks a significant advancement in AI-assisted vulnerability research, demonstrating how large language models can effectively identify complex memory safety issues that require understanding of concurrent execution paths.

The vulnerability exists in ksmbd, “a linux kernel server which implements SMB3 protocol in kernel space for sharing files over network”.

Specifically, the flaw occurs in the session logoff handler where sess->user is freed without proper synchronization between concurrent connections that might be using the same session object.

The vulnerability stems from a race condition: one worker thread processes an SMB2 LOGOFF command and frees the user structure, while another thread on a different connection continues using that now-freed memory.
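As an added illustration (not ksmbd's code and not the upstream fix), the following C model shows one way to close the window described above: sess->user is reached only through a session lock and a reference count, so a LOGOFF on one connection detaches the pointer while a worker on another connection that already holds a reference keeps a valid object until it lets go. The lock, refcount and struct layout are assumptions made for the example.

```c
#include <stdatomic.h>
#include <stdlib.h>
#include <string.h>
/* Illustrative model only, not ksmbd's code: the lock and refcount are assumed
 * mitigations for the free-without-synchronization pattern the post describes. */
struct user { int refcount; char name[32]; };
struct session { atomic_flag lock; struct user *user; };
static void session_lock(struct session *s) { while (atomic_flag_test_and_set(&s->lock)) {} }
static void session_unlock(struct session *s) { atomic_flag_clear(&s->lock); }
static struct user *user_alloc(const char *name) {
    struct user *u = calloc(1, sizeof *u);
    if (!u) abort();
    u->refcount = 1;                              /* the session's own reference */
    strncpy(u->name, name, sizeof u->name - 1);
    return u;
}
/* A worker takes its own reference under the lock; NULL once logged off. */
static struct user *session_get_user(struct session *s) {
    session_lock(s);
    struct user *u = s->user;
    if (u) u->refcount++;
    session_unlock(s);
    return u;
}
/* Drop a reference; memory is released only when the last holder lets go. */
static void user_put(struct session *s, struct user *u) {
    session_lock(s);
    int last = (--u->refcount == 0);
    session_unlock(s);
    if (last) free(u);
}
/* Hardened LOGOFF: detach sess->user under the lock, drop only the session's ref. */
static void session_logoff(struct session *s) {
    session_lock(s);
    struct user *u = s->user;
    s->user = NULL;
    session_unlock(s);
    if (u) user_put(s, u);
}
/* Replay of the post's interleaving (worker A takes the user, B runs LOGOFF, A keeps
 * using it): returns 1 if A's pointer stayed valid and a later lookup found no user. */
static int replay_logoff_race(void) {
    struct session s = { ATOMIC_FLAG_INIT, user_alloc("alice") };
    struct user *held = session_get_user(&s);     /* A: refcount 2 */
    session_logoff(&s);                           /* B: refcount 1, nothing freed yet */
    int still_valid = held && strcmp(held->name, "alice") == 0;
    int gone = session_get_user(&s) == NULL;      /* C: NULL, not a stale pointer */
    user_put(&s, held);                           /* A done: refcount 0, freed here */
    return still_valid && gone;
}
```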
