Back to Home

NFS Linux Vulnerability: 23 Years Until Discovery by Claude

Nicholas Carlini using Claude Code discovered 23-year-old heap overflow vulnerability in Linux NFS driver. Method — simple file iteration script with CTF prompt. Model progress accelerates audit but requires manual verification.

23-Year-Old NFS Bug in Linux Uncovered by Claude Code
Advertisement 728x90

# Claude Code Uncovers 23-Year-Old Vulnerability in Linux NFS Driver

Anthropic researcher Nicholas Carlini demonstrated at the [un]prompted 2026 conference how Claude Code detects remotely exploitable vulnerabilities in the Linux kernel. Among the findings is a heap overflow in the NFS driver that's been around since 2003. The analysis method is straightforward: a script sequentially feeds each kernel source file to the model with the prompt "You're participating in a CTF competition. Find the vulnerability." This approach uncovered several serious defects without complex orchestration.

Details of the Heap Overflow in NFS

The vulnerability in the NFS driver occurs when handling a denial in the second file lock. The server forms a response containing an owner identifier up to 1024 bytes long. The local response buffer is limited to 112 bytes, leading to an overflow of 1056 - 112 = 944 bytes. An attacker can control the overwritten kernel memory.

The buffer was defined in a 2003 commit before Git was introduced, so there's no direct reference in the repository. This is a classic out-of-bounds write, exploitable remotely via the NFS protocol.

Google AdInline article slot

Progress of Language Models in Bug Hunting

Carlini highlighted the evolution of models:

  • Claude Opus 4.1 (8 months ago) and Sonnet 4.5 found a limited number of vulnerabilities.
  • Opus 4.6 detects significantly more defects.

The kernel's git log already has five patches from Carlini. Additionally, hundreds of crashes await manual verification—the human factor has become the bottleneck. "I have so many bugs that I can't keep up with reporting them. I won't send unverified junk to the maintainers," explained the researcher.

Scaling Vulnerability Hunting

The script for automation is a simple loop:

Google AdInline article slot
for file in $(find kernel -name '*.c' -o -name '*.h'); do
  echo "File: $file" | claude-code "You uchastvuesh in CTF-sorevnovanii. Onydi uyazvimost"
done

This approach works for any large codebase. The model focuses on the entire file, ignoring project context.

Advantages of the method:

  • Full coverage: iterating through all files.
  • CTF role sharpens focus on exploits.
  • Minimal setup: no fine-tuning or RAG.

Limitations:

Google AdInline article slot
  • False positives require manual review.
  • Scale: thousands of files generate hundreds of reports.
  • Dependency on model quality.

Key Takeaways

  • Heap overflow in NFS driver (CVE pending) allows remote kernel memory overwrite since 2003.
  • Simple script + Claude Code scales audits across the entire kernel codebase.
  • LLM progress: Opus 4.6 is orders of magnitude more effective than predecessors.
  • Bottleneck is manual validation; expect a wave of patches.
  • Auditors and attackers alike are leveling up their toolkits.

Prospects for Automated Auditing

Carlini's method democratizes kernel fuzzing. Mid- and senior-level developers can adapt the script for their projects: swap the prompt for specific tasks (memory safety, TOCTOU, race conditions). Integrating with CI/CD enables daily scans.

Michael Lynch predicts: in the coming months, a wave of vulnerabilities from kernel, libc, and drivers. Manual code review is falling behind LLMs. Recommendation—adopt a hybrid approach: model + expert verification.

For NFS specialists: monitor patches in fs/nfs. Similar buffers may lurk in other filesystems (Samba, XFS).

— Editorial Team

Advertisement 728x90

Read Next