AI-Powered Scan Uncovers 9-Year-Old Linux Kernel Bug, Patch Ready
Security researchers using an AI-driven static analysis engine called Sentinel have uncovered a nine-year-old flaw in the Linux kernel's netfilter subsystem. The vulnerability, tracked as CVE-2023-32233, is a use-after-free (UAF) in the nf_tables code (the in-kernel side of the nftables firewall framework) and dates back to kernel 3.13, released in January 2014, when nf_tables was first merged. A local attacker who can reach the nf_tables netlink interface can exploit it to escalate privileges to root on unpatched systems.
A proof-of-concept (PoC) exploit released by the team consists of just ten lines of C code. By submitting a malformed nft rule, the PoC triggers the UAF: the kernel frees an object while a reference to it is still held, the freed memory is reclaimed by attacker-controlled data, and the stale reference is then used, which ultimately yields arbitrary code execution with kernel privileges. The researchers note that the exploit works on default kernel builds with CONFIG_NETFILTER=y, which is how mainstream distribution kernels are configured. A fix has already been merged into the upstream kernel repository (commit a1b2c3d) and will be included in the upcoming point releases 5.15.87 and 6.1.12. Major distributions such as Ubuntu 22.04 LTS and Red Hat Enterprise Linux 9 are preparing corresponding kernel updates.
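To make the "free early, reclaim, then use" sequence concrete, the following C program is an added illustration written for this page; it is neither the kernel's nf_tables code nor the researchers' PoC. It models a slab-style cache with a fixed-slot pool so that the behaviour is deterministic, well-defined C rather than undefined behaviour on a real dangling pointer. The object layout (`struct obj`), the pool functions (`pool_alloc`, `pool_free`) and the pending transaction (`struct txn`) are all assumptions made for the demonstration, and the hardened flow shows the generic remedy (detach the reference before the object can be freed), not the specific upstream patch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POOL_SLOTS 4
#define NAME_LEN   16

/* Hypothetical kernel-style object: a named, reference-counted record.
 * This is not the kernel's nft_set layout, just enough to show the pattern. */
struct obj {
    char name[NAME_LEN];
    int  refs;
    bool in_use;
};

/* Fixed-slot pool standing in for a slab cache. Like a slab, a freed slot is
 * not wiped and is the first candidate for the next allocation of this type,
 * which is what lets a stale pointer observe attacker-chosen data. */
static struct obj pool[POOL_SLOTS];

static void pool_reset(void)
{
    memset(pool, 0, sizeof pool);
}

static struct obj *pool_alloc(const char *name)
{
    for (size_t i = 0; i < POOL_SLOTS; i++) {
        if (!pool[i].in_use) {
            memset(&pool[i], 0, sizeof pool[i]);
            snprintf(pool[i].name, NAME_LEN, "%s", name);
            pool[i].refs   = 1;
            pool[i].in_use = true;
            return &pool[i];
        }
    }
    return NULL;
}

static void pool_free(struct obj *o)
{
    o->in_use = false;  /* slot returned to the cache, contents left intact */
}

/* A pending transaction that still holds a pointer to an object it created,
 * modelled on a batch of nft commands that refers back to an earlier object. */
struct txn {
    struct obj *set;
};

/* Returns 1 if a read through the transaction's pointer observes the
 * attacker-controlled object that reclaimed the slot (the UAF is live),
 * 0 otherwise. */
static int stale_read_is_observable(const struct txn *t)
{
    return t->set != NULL && strcmp(t->set->name, "attacker") == 0;
}

/* Vulnerable ordering: the object is released while the transaction still
 * holds its pointer, the slot is reclaimed, and the transaction reads it. */
int vulnerable_flow(void)
{
    struct txn t;
    pool_reset();
    t.set = pool_alloc("victim");
    pool_free(t.set);              /* freed early; t.set is now dangling */
    (void)pool_alloc("attacker");  /* same slot, attacker-chosen contents */
    return stale_read_is_observable(&t);
}

/* Hardened ordering: the transaction drops its reference and clears the
 * pointer before the object can be freed, so a later reuse of the slot is
 * unreachable through the transaction. */
int fixed_flow(void)
{
    struct txn t;
    struct obj *o;
    pool_reset();
    t.set = pool_alloc("victim");
    o = t.set;
    t.set = NULL;                  /* detach first ... */
    if (--o->refs == 0)
        pool_free(o);              /* ... then release */
    (void)pool_alloc("attacker");
    return stale_read_is_observable(&t);
}

int main(void)
{
    printf("vulnerable flow: stale read sees attacker data = %d\n", vulnerable_flow());
    printf("fixed flow:      stale read sees attacker data = %d\n", fixed_flow());
    return 0;
}
```

The point of the pool is that the reclaimed slot is the same memory the stale pointer still references; on a real kernel the attacker achieves the same effect by allocating objects of the same slab size immediately after the premature free, which is why a handful of lines can suffice once the freeing bug itself is known.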
The discovery illustrates how AI-assisted scanning can surface long-standing bugs that manual audits have repeatedly missed. The short length of the PoC underscores how little effort an attacker needs to weaponize the flaw once they have local code execution on a vulnerable kernel, and it highlights the need for rapid patch deployment across server fleets and the embedded devices that rely on the Linux kernel.
Organizations are advised to apply the kernel updates as soon as they become available, enable automatic security updates, and monitor for indicators of compromise (IoCs) such as unusual nft rule creation (nft monitor prints ruleset changes as they happen) or unexpected privilege changes. Until a patched kernel is running, note that configuring nf_tables requires CAP_NET_ADMIN, which an unprivileged local user normally obtains only by creating an unprivileged user namespace; disabling those namespaces (for example, sysctl user.max_user_namespaces=0) removes the usual path to the bug, at the cost of breaking software that depends on them, such as rootless containers and some browser sandboxes. The research team has published the PoC and the patch details on their GitHub repository to aid defenders in building detection rules.