82
ChatGPT's o3 Model Found Remote Zeroday in Linux Kernel Code
(linuxiac.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 31 May 2025
82 points (78.1% liked)
Linux
55706 readers
944 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 6 years ago
MODERATORS
I'm skeptical of this. The primary maintainer of
curlsaid that all of their AI bug submissions have been bunk and wasted their time. This seems like a lucky one-off rather than anything substantial.Of course, if you read the article you'll see that the model found the bugk 8 out of 100 attempts.
It was prompted what type of issue to look for.
I meant one-off that it worked on this code base rather than how many times it found the issue. I don't expect it to work eight out of a hundred times on any and all projects.
this summarizes most cases of ai "success". people see generative ai generating good results once and then extrapolate that they're able to consistently generate good results, but the reality is that most of what it generates is bullshit and the cases of success are a minority of the "content" ai is generating, curated by actual people
Curated by experts, specifically. Seeing a lot of people use this stuff and flop, even if they're not doing it with any intention to spam.
I think the curl project gets a lot of spam because 1) it has a bug bounty with a payout and 2) kinda fits with CVE bloat phenomenon where people want the prestige of "discovering" bugs so that they can put it on their resumes to get jobs, or whatever. As usual, the monetary incentive is the root of the evil.