ChatGPT's o3 Model Found Remote Zeroday in Linux Kernel Code
ChatGPT's o3 Model Found Remote Zeroday in Linux Kernel Code
linuxiac.com
ChatGPT's o3 Model Found Remote Zeroday in Linux Kernel Code
4 comments
-
TL;DR: The pentester already found it himself, and wanted to test how offen GPT finds it if he pasts that code into it
-
Not quite, though. In the blogpost the pentester notes that it found a similar issue (that he overlooked) that occurred elsewhere, in the logoff handler, which the pentester noted and verified when spitting through a number of the reports it generated. Additionally, the pentester noted that the fix it supplied accounted for (and documented) a issue that it accounted for, that his own suggested fix for the issue was (still) susceptible to. This shows that it could be(come) a new tool that allows us to identify issues that are not found with techniques like fuzzing and can even be overlooked by a pentester actively searching for them, never mind a kernel programmer.
Now, these models generate a ton of false positives, which make the signal-to-noise ratio still much higher than what would be preferred. But the fact that a language model can locate and identify these issues at all, even if sporadically, is already orders of magnitude more than what I would have expected initially. I would have expected it to only hallucinate issues, not finding anything that is remotely like an actual security issue. Much like the spam the
curlproject is experiencing.-
Yes, but:
To get to this point, OpenAI had to suck up almost all data ever generated in the world. So in order for it to become better, lets say it has to have 3 times as much data. That alone would take more than 3 Lifetimes to get the data alone, IF we don´t consider the AI slop and assume that all data is still Human made, which is just not true.
In other words: What you describe will just about never happen anymore, at least as long as 2025 will still be remembered
-
-