Michael Lynch, also known as Mtlynch, is a software engineer, blogger, and open-source contributor known for his insights into technology, privacy, and personal productivity. Readers can learn about software development, privacy tools, and strategies for managing information overload. With thoughtful essays, tutorials, and productivity tips, Mtlynch offers  perspectives and strategies for navigating the complexities of modern life and technology.

Michael Lynch

Nicholas Carlini, a research scientist at Anthropic, used Claude Code to discover multiple remotely exploitable heap buffer overflows in the Linux kernel, including one that had gone undetected for 23 years. The vulnerability exists in the NFS driver: when a lock request is denied, the server writes a response of up to 1056 bytes into a 112-byte buffer, allowing an attacker to overwrite kernel memory. The discovery required minimal human oversight — a simple shell script looped Claude Code over every source file in the kernel asking it to find vulnerabilities. Carlini has found hundreds more potential bugs but lacks the time to validate and report them all. The rapid improvement of LLMs at vulnerability discovery signals a coming wave of security bug disclosures.

Claude Code Found a Linux Vulnerability Hidden for 23 Years

Özkan Pakdil

it also found 1000+ false positives.

We need to seize this opportunity to improve the security of many open-source projects.

false positives, I just can’t get over it…