• Stars
    star
    142
  • Rank 258,495 (Top 6 %)
  • Language
    C
  • Created about 3 years ago
  • Updated about 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

BSOD: Binary-only Scalable fuzzing Of device Drivers

bsod-kernel-fuzzing

bsod paper

This repository contains the implementations described in "BSOD: Binary-only Scalable fuzzing Of device Drivers".

The paper and the project are based on my master's thesis with the title "Closed-Source Kernel Driver Fuzzing Through Device Emulation in QEMU", which I wrote at the Chair for Security in Telecommunications (SecT) at the TU Berlin.

During the experiments, we found and reported three vulnerabilities in the NVIDIA graphic drivers identified by CVE-2021-1090, CVE-2021-1095, and CVE-2021-1096.

Requirements

  • kvm-vmi

    The fuzzing setups rely on the KVM-VMI project that provides introspection capabilities for KVM. It consists of a modified KVM kernel module and QEMU, libkvmi and libvmi. To prepare the host, follow the Setup instructions.

  • A guest file system image for fuzzing.

    For Linux, you should consider creating a minimal rootfs.

bsod-afl

Kernel fuzzing with AFL initially based on kernel-fuzzer-for-xen-project.

bsod-syzkaller

Modified syzkaller kernel fuzzer with patches for using syz-bp-cov, a small tool that provides coverage feedback via breakpoints intended for fuzzing closed-source targets.

bsod-fakedev

QEMU with pci-replay device and implementation based on a nvidia reference device and scripts to extract pci-replay data out of QEMU's vfio trace data.