BSOD: Binary-only Scalable fuzzing Of device Drivers


fgsect/bsod-kernel-fuzzing
bsod-kernel-fuzzing

bsod paper

This repository contains the implementations described in "BSOD: Binary-only Scalable fuzzing Of device Drivers".

The paper and the project are based on my master's thesis with the title "Closed-Source Kernel Driver Fuzzing Through Device Emulation in QEMU", which I wrote at the Chair for Security in Telecommunications (SecT) at the TU Berlin.

During the experiments, we found and reported three vulnerabilities in the NVIDIA graphics drivers, identified by CVE-2021-1090, CVE-2021-1095, and CVE-2021-1096.

Requirements

  • kvm-vmi

    The fuzzing setups rely on the KVM-VMI project that provides introspection capabilities for KVM. It consists of a modified KVM kernel module and QEMU, libkvmi and libvmi. To prepare the host, follow the Setup instructions.

  • A guest file system image for fuzzing.

    For Linux, you should consider creating a minimal rootfs.

  • Kernel fuzzing with AFL, initially based on kernel-fuzzer-for-xen-project.

  • A modified syzkaller kernel fuzzer with patches for using syz-bp-cov, a small tool that provides coverage feedback via breakpoints and is intended for fuzzing closed-source targets.

  • QEMU with a pci-replay device and an implementation based on an NVIDIA reference device, plus scripts to extract pci-replay data from QEMU's vfio trace data.
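As an added illustration of the pci-replay idea (this is not code from the repository), the Python model below parses QEMU's `vfio_region_read` trace lines into a per-register replay queue and serves guest MMIO reads from it. The trace text is constructed in that format, and the policies for an exhausted queue (repeat the last value) and a never-recorded register (return 0 and log it) are my assumptions, not the project's.

```python
"""Toy pci-replay model: turn QEMU vfio MMIO read traces into a replay table."""
import re
from collections import defaultdict, deque

# Matches QEMU's vfio_region_read trace event; "name" is the host PCI address of the
# passed-through device. An optional "pid@timestamp:" prefix is skipped by re.search.
READ_RE = re.compile(
    r"vfio_region_read\s+\((?P<name>.+?):region(?P<region>\d+)\+0x(?P<addr>[0-9a-fA-F]+), "
    r"(?P<size>\d+)\) = 0x(?P<data>[0-9a-fA-F]+)"
)

# Constructed sample trace (not a real capture), in the vfio trace line format.
SAMPLE_TRACE = """\
1234@1600000000.000001:vfio_region_read  (0000:01:00.0:region0+0x0, 4) = 0x1a0000a1
1234@1600000000.000002:vfio_region_write  (0000:01:00.0:region0+0x88000, 0x1, 4)
1234@1600000000.000003:vfio_region_read  (0000:01:00.0:region0+0x88000, 4) = 0x1
1234@1600000000.000004:vfio_region_read  (0000:01:00.0:region0+0x88000, 4) = 0x3
1234@1600000000.000005:vfio_region_read  (0000:01:00.0:region1+0x10, 4) = 0xdeadbeef
"""

def build_replay_table(trace_text):
    """Group observed read results per (region, offset), preserving trace order."""
    table = defaultdict(deque)
    for line in trace_text.splitlines():
        m = READ_RE.search(line)
        if not m:
            continue  # writes and unrelated events carry no replay data
        key = (int(m["region"]), int(m["addr"], 16))
        table[key].append(int(m["data"], 16))
    return table

class ReplayDevice:
    """Answers guest MMIO reads from the recorded sequence, no real hardware needed."""
    def __init__(self, table):
        self.table = {k: deque(v) for k, v in table.items()}
        self.last = {}      # last value handed out per register (assumed repeat policy)
        self.unknown = []   # reads the trace never saw: hints to extend the capture

    def read(self, region, offset):
        q = self.table.get((region, offset))
        if q:
            self.last[(region, offset)] = q.popleft()
        elif (region, offset) not in self.last:
            self.unknown.append((region, offset))
            return 0
        return self.last[(region, offset)]
```

The `unknown` list is the useful diagnostic: registers the driver touches under fuzzing that the original trace never exercised, so the capture can be extended.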
