Skip to content

0xf4b1/bsod-kernel-fuzzing

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

bsod-kernel-fuzzing

bsod paper

This repository contains the implementations described in "BSOD: Binary-only Scalable fuzzing Of device Drivers".

The paper and the project are based on my master's thesis with the title "Closed-Source Kernel Driver Fuzzing Through Device Emulation in QEMU", which I wrote at the Chair for Security in Telecommunications (SecT) at the TU Berlin.

During the experiments, we found and reported three vulnerabilities in the NVIDIA graphic drivers identified by CVE-2021-1090, CVE-2021-1095, and CVE-2021-1096.

Requirements

  • kvm-vmi

    The fuzzing setups rely on the KVM-VMI project that provides introspection capabilities for KVM. It consists of a modified KVM kernel module and QEMU, libkvmi and libvmi. To prepare the host, follow the Setup instructions.

  • A guest file system image for fuzzing.

    For Linux, you should consider creating a minimal rootfs.

Kernel fuzzing with AFL initially based on kernel-fuzzer-for-xen-project.

Modified syzkaller kernel fuzzer with patches for using syz-bp-cov, a small tool that provides coverage feedback via breakpoints intended for fuzzing closed-source targets.

QEMU with pci-replay device and implementation based on a nvidia reference device and scripts to extract pci-replay data out of QEMU's vfio trace data.