One Bash Script, One Weekend: How AI Uncovered a 23‑Year‑Old Linux Kernel Flaw
A simple Bash script run over a weekend by researcher Nicholas Carlini leveraged Claude Opus 4.6 to discover a critical NFSv4 vulnerability that had persisted in Linux kernels since March 2003, prompting Linus Torvalds to announce AI‑driven security as a new normal in the Linux 7.0 release.
A Bash script written by security researcher Nicholas Carlini continuously fed each kernel source file to the large language model Claude Opus 4.6, asking the model to act like a CTF attacker and point out exploitable code. After months of noisy output, the script finally produced a concrete finding.
The model identified a severe NFSv4 overflow bug in the Linux network file‑sharing code. The flaw, present in every Linux‑based file server shipped between March 2003 and April 2026, could be triggered by a freshly‑joined intern on a guest Wi‑Fi network, granting full control over payroll files, CEO email backups, and the ability to install a persistent backdoor—all without any credentials or a second vulnerability.
Carlini traced the bug to a commit from March 2003, predating the creation of Git itself. He noted that every Linux storage device released in the past two decades carries this defect, a fact he emphasized during a talk at the AI Security Conference.
While Carlini’s script was inexpensive—requiring only a single operator and a weekend of compute—the payoff was enormous. The discovery coincided with the release of Linux 7.0 on 12 April 2026, where Linus Torvalds declared AI‑assisted vulnerability hunting “the new normal.”
Greg Kroah‑Hartman, maintainer of the stable kernel branch, reported that his security mailbox, once flooded with AI‑generated junk, suddenly began receiving high‑quality reports: precise line numbers, reproducible exploits, and thorough root‑cause analyses. He attributed the shift to either a rapid improvement in large models' code understanding or a coordinated effort by security researchers to scan legacy code with AI.
Google researcher Roman Gushchin’s Rust‑based tool Sashiko was evaluated on a thousand real‑world patches and detected 53 % of the subsequently confirmed bugs that human reviewers missed, illustrating the tangible benefit of AI‑assisted scanning.
In response, the kernel community updated security‑bugs.rst to require a dual‑submission workflow: both human researchers and AI agents must use the same process, and AI‑generated patches must carry an Assisted‑by: tag indicating the model used. The policy was spurred by an incident where a fully AI‑written NVIDIA driver patch passed initial review but introduced performance regressions.
Linux 7.0 also marks the culmination of a four‑year battle to integrate Rust into the kernel. After initial resistance, Rust was promoted from an experimental flag in 6.1 to a first‑class language in 7.0, with drivers such as the NVIDIA Nova GPU driver and a Rust‑based DRM framework now upstream. Proponents who championed Rust left the project after its acceptance, while long‑time C‑only maintainers stepped down, underscoring the cultural shift.
Safe Rust eliminates entire classes of classic bugs—buffer overflows, use‑after‑free, and null‑pointer dereferences—making the 23‑year‑old NFSv4 overflow impossible in Rust code.
The release also introduced the xfs_healer daemon, which automatically repairs single‑bit metadata corruptions in XFS without service interruption. Previously, such errors required manual xfs_repair after a weekend outage; now they are fixed silently, improving availability for enterprises and cloud providers.
Performance‑critical workloads benefit from kernel optimizations for AMD’s EPYC 9005 “Turin” CPUs. In high‑memory‑load scenarios, SEV‑SNP encrypted VM overhead dropped to single‑digit percentages, enabling cost‑effective confidential computing for banks and hospitals.
Three new HID key codes (KEY_ACTION_ON_SELECTION, KEY_CONTEXTUAL_INSERT, KEY_CONTEXTUAL_QUERY) were added to the Linux input subsystem. Defined as standard, vendor‑agnostic codes, they allow any laptop manufacturer to map them to Claude, Gemini, or local LLaMA models, paving the way for universal AI‑triggered shortcuts.
In summary, the Linux 7.0 iteration delivers four major changes:
AI now participates in kernel patch review with a 53 % detection rate.
A 23‑year‑old kernel vulnerability was uncovered by a single Bash script.
AI contributions are formally credited via new tagging conventions.
Three standardized AI‑activation keyboard keys have been added to the input subsystem.
These developments illustrate how AI, Rust, and automated self‑healing mechanisms are reshaping kernel development, security, and operations.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.
dbaplus Community
