Researcher Nicholas Carlini used Claude Code to identify a heap buffer overflow in Linux's NFSv4.0 LOCK replay cache mechanism that had existed undetected for 23 years. The AI coding agent found the vulnerability while systematically analyzing Linux kernel source files through a script that framed the task as a capture-the-flag competition.
The Vulnerability Affects NFS Servers With 1056-Byte Overflow
The bug involves a 112-byte memory buffer (NFSD4_REPLAY_ISIZE) that caches NFS operation replies. When encoding a lock denial response, the kernel writes the lock owner ID, which can be up to 1024 bytes long, into this much smaller buffer, producing a 1056-byte overflow. The attack requires two cooperating NFS clients: Client A establishes a lock with an unusually large 1024-byte owner ID, then Client B attempts the same lock, triggering a denial response that overflows the buffer with attacker-controlled data. This allows reading sensitive kernel memory over the network.
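As an added illustration of the bug class (not code from the kernel or from Carlini's write-up), the following constructed C model shows a fixed-size replay cache, a lock-denied reply that carries a variable-length owner ID, and the size check the encoder must perform before copying. The 112-byte cache and the 1024-byte owner limit come from the article; the reply layout, struct and function names are assumptions and do not reproduce the kernel's real encoding or its exact overflow size.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not the kernel's code: the 112-byte cache size and the
 * 1024-byte owner ID come from the article; the reply layout, struct and
 * function names are assumptions and do not reproduce the kernel's real
 * encoding or its exact overflow byte count. */
#define REPLAY_ISIZE   112   /* NFSD4_REPLAY_ISIZE as stated in the article */
#define MAX_OWNER_LEN 1024   /* largest owner ID the article mentions */

struct replay_entry {
    size_t        len;                 /* bytes of reply actually cached */
    unsigned char data[REPLAY_ISIZE];  /* the fixed-size replay cache */
};

/* Size of a cached LOCK-denied reply in this model: a 4-byte status, a
 * 4-byte owner length, then the owner bytes themselves. */
size_t denied_reply_size(size_t owner_len)
{
    return 4 + 4 + owner_len;
}

/* Bytes an encoder that skips the size check would write past the end of
 * the cache; 0 means the reply fits. This mismatch is the defect class. */
size_t denied_reply_overflow(size_t owner_len)
{
    size_t need = denied_reply_size(owner_len);
    return need > REPLAY_ISIZE ? need - REPLAY_ISIZE : 0;
}

/* Hardened encoder: validate the owner length against both the protocol
 * limit and the cache size before any copy. Returns false and leaves the
 * entry empty when the reply cannot be cached safely. */
bool cache_denied_reply(struct replay_entry *e, uint32_t status,
                        const unsigned char *owner, size_t owner_len)
{
    uint32_t olen = (uint32_t)owner_len;

    e->len = 0;
    if (owner_len > MAX_OWNER_LEN || denied_reply_overflow(owner_len) != 0)
        return false;                       /* refuse instead of overflowing */

    memcpy(e->data, &status, 4);
    memcpy(e->data + 4, &olen, 4);
    memcpy(e->data + 8, owner, owner_len);  /* now provably within bounds */
    e->len = denied_reply_size(owner_len);
    return true;
}
```

The check against the cache size, not only the protocol's owner limit, is the point: an owner ID that is valid on the wire can still be far larger than the cache that stores the reply.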
AI Agent Discovered Hundreds of Potential Security Issues
Carlini reported finding hundreds of potential bugs total, with at least five confirmed vulnerabilities reported to Linux maintainers. "We now have a number of remotely exploitable heap buffer overflows...I have never found one of these in my life before," Carlini stated. The discovery demonstrates how AI coding agents can perform systematic security analysis that humans might miss during manual code review.
Community Response Highlights AI's Security Research Potential
The story gained significant attention on Hacker News with 163 points and 98 comments after being posted on April 3, 2026. The discovery showcases a practical application of AI agents in vulnerability research, where systematic analysis of large codebases can uncover long-standing security issues that escaped traditional review processes.
Key Takeaways
- Claude Code identified a 23-year-old heap buffer overflow in Linux's NFSv4.0 LOCK replay cache mechanism affecting NFS servers
- The vulnerability allows a 1056-byte overflow through a 112-byte buffer, enabling remote reading of sensitive kernel memory
- Researcher Nicholas Carlini discovered hundreds of potential bugs using AI-assisted analysis, with at least five confirmed vulnerabilities
- The attack requires two cooperating NFS clients to trigger the overflow with attacker-controlled data
- The discovery demonstrates AI coding agents' capability for systematic security analysis at scale