Claude Code Found a Linux Vulnerability Hidden for 23 Years

claude

2026-04-04 | Source: HN | Original article

Claude Code, Anthropic’s multi‑agent coding assistant, has uncovered a critical flaw in the Linux kernel that has gone unnoticed for 23 years. By pointing the model at the entire kernel source and asking it to “find security vulnerabilities,” the system automatically indexed every file, flagged a use‑after‑free condition in the netfilter subsystem, and produced a reproducible proof‑of‑concept exploit. The bug, tracked as CVE‑2026‑XXXX, allows local privilege escalation and could be chained with existing remote‑code‑execution vectors to gain full system control. The discovery matters on several fronts. First, it demonstrates that large‑language‑model‑driven code analysis can outperform traditional static‑analysis tools, especially when applied at scale across massive codebases. Second, the vulnerability’s longevity underscores how even the most scrutinised open‑source projects can harbor deep flaws, raising questions about the adequacy of current auditing practices. Third, the episode adds to a growing list of security‑related incidents involving Claude Code, from the accidental source‑code leak reported earlier this month to the token‑hacking tricks that have been circulating among developers. Anthropic has already issued a patch to the mainline kernel and is working with the Linux Security Team to roll it out across distributions. What to watch next is how the security community reacts to AI‑assisted vulnerability hunting. Expect a surge in similar “AI‑first” audits, as well as a push for responsible disclosure frameworks that accommodate rapid, automated discovery. Anthropic has pledged to open‑source the indexing script that powered the search, which could become a de‑facto standard for AI‑driven code review. Regulators may also start probing the liability of AI tools that expose or inadvertently create exploits. The episode marks a watershed moment: AI is no longer just a coding aid—it is now a potent instrument in the ongoing battle for software security.

Sources

Back to AIPULSEN