Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)

https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
78•ishqdehlvi•6h ago

Comments

PunchyHamster•2h ago
I'm just gonna assume it was asked to fix some bug and it wrote exploit instead
magicalhippo•2h ago
Key point is that Claude did not find the bug it exploits. It was given the CVE writeup[1] and was asked to write a program that could exploit the bug.

That said, given how things are I wouldn't be surprised if you could let Claude or similar have a go at the source code of the kernel or core services, armed with some VMs for the try-fail iteration, and get it pumping out CVEs.

If not now, then surely not in a too distant future.

[1]: https://www.freebsd.org/security/advisories/FreeBSD-SA-26:08...

fragmede•2h ago
> Credits: Nicholas Carlini using Claude, Anthropic

Claude was used to find the bug in the first place though. That CVE write-up happened because of Claude, so while there are some very talented humans in the loop, Claude is quite involved with the whole process.

magicalhippo•1h ago
> Claude was used to find the bug in the first place though. That CVE write-up happened because of Claude

Do you have a link to that? A rather important piece of context.

Wasn't trying to downplay this submission by the way, the main point still stands:

But finding a bug and exploiting it are very different things. Exploit development requires understanding OS internals, crafting ROP chains, managing memory layouts, debugging crashes, and adapting when things go wrong. This has long been considered the frontier that only humans can cross.

Each new AI capability is usually met with “AI can do Y, but only humans can do X.” Well, for X = exploit development, that line just moved.

jsnell•21m ago
> Do you have a link to that? A rather important piece of context.

It was a quote from your own link from the initial post?

https://www.freebsd.org/security/advisories/FreeBSD-SA-26:08...

> Credits: Nicholas Carlini using Claude, Anthropic

bayindirh•33m ago
Yes, that claim needs a source.
petcat•1h ago
> have a go at the source code of the kernel or core services, armed with some VMs for the try-fail iteration, and get it pumping out CVEs.

FreeBSD kernel is written in C right?

AI bots will trivially find CVEs.

pjmlp•1h ago
The Morris worm lesson is yet to be taken seriously.
pitched•1h ago
We’re here right now looking at a CVE. That has to count as progress?
Cloudef•11m ago
You can let an agent churn unattended if you have some sort of known goal. Write a test that should not pass and then tell the agent to come up with something that passes the test without changing the test itself.

For this kind of fuzzing LLMs are not bad.

rithdmc•2h ago
Running into a meeting, so won't be able to review this for a while, but exciting. I wonder how much it cost in tokens, and what the prompt/validator/iteration loop looked like.
fragmede•2h ago
https://github.com/califio/publications/tree/main/MADBugs/CV... would have been a better link
m132•2h ago
Appreciate the full prompt history
ptx•1h ago
Well, it ends with "can you give me back all the prompts i entered in this session", so it may be partially the actual prompt history and partially hallucination.
dark-star•1h ago
they read like they were done by a 10 year old
m132•31m ago
They do, the whole tone and the lack of understanding of Docker, kernel threads, and everything else involved make it sound hilarious at first. But then you realize that this is all the human input that led to a working exploit in the end...
bluGill•16m ago
FreeBSD doesn't have Docker. It has jails, which can serve a similar purpose but are not the same in important ways.
m132•10m ago
Please at least read the context before attempting to correct me...

Here's what I'm referring to: https://github.com/califio/publications/blob/7ed77d11b21db80...

panstromek•2h ago
The talk "Black-Hat LLMs" just came out a few days ago:

https://www.youtube.com/watch?v=1sd26pWhfmg

Looks like LLMs are getting good at finding and exploiting these.

baq•1h ago
Everybody acts so surprised, as if nobody (around here of all places!) read the sama tweet in which he was hiring the Head of Preparedness... in December.

https://xcancel.com/sama/status/2004939524216910323

eru•32m ago
I never read any Twitter.
baq•5m ago
X was the primary source, it's been since reported all over the news.
ptx•1h ago
> It's worth noting that FreeBSD made this easier than it would be on a modern Linux kernel: FreeBSD 14.x has no KASLR (kernel addresses are fixed and predictable) and no stack canaries for integer arrays (the overflowed buffer is int32_t[]).

What about FreeBSD 15.x then? I didn't see anything in the release notes or the mitigations(7) man page about KASLR. Is it being worked on?

NetBSD apparently has it: https://wiki.netbsd.org/security/kaslr/

keysersoze33•13m ago
This is more of a Linux kernel criticism of KASLR, but perhaps it's related as to why it's not been a priority in FreeBSD (i.e. it gives a false sense of safety and rather focus on 'proper' security hardening): https://forums.freebsd.org/threads/truth-about-linux-4-6-sec...
