Yesterday Once MorE: Facilitating Linux Kernel Bug Reproduction via Reverse Fuzzing
文献类型:期刊论文
| 作者 | Li, Xingwei1; Kang, Yan2,3; Wu, Chenggang2,3; Liu, Danjun4; Wang, Jiming2,3; Sun, Yue2,3; Wu, Zehui1; Wang, Yunchao1; Ma, Rongkuan1; Wei, Qiang1 |
| 刊名 | IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
 |
| 出版日期 | 2025 |
| 卷号 | 20页码:5224-5239 |
| 关键词 | Computer bugs Fuzzing Kernel Radio frequency Sockets Linux Cloning Virtual machines Bridges Training Linux kernel bug reproduction kernel fuzzing kernel bugs vulnerability Syzkaller |
| ISSN号 | 1556-6013 |
| DOI | 10.1109/TIFS.2025.3562704 |
| 英文摘要 | The Linux kernel remains vulnerable to numerous bugs, with approximately 65% detected by Syzkaller lacking Proof-of-Concept (PoC), hampering risk mitigation efforts. These bugs, termed irreproducible kernel bugs, highlight the challenge of statefulness issue-related irreproducibility in kernel fuzzing, which is an open research without definitive solutions. Our investigation reveals that suboptimal seed quality distribution in fuzzing is the root obstacle preventing effective tracking of the states leading to crashes. Inspired by this insight, we introduce Reverse Fuzzing ( RF ), an innovative approach that infers hard-to-reach states by continuously reverse-oriented deriving from subsequently encountered bridge states to increase reproduction probability. RF differentiates between the "trigger" seed, which directly causes crashes, and "activator" seeds, which establish the necessary preconditions, prioritizing exploration around trigger while simultaneously regenerating and maintaining activators during fuzzing, which effectively facilitate restructuring such elusive states from "yesterday". We implement YOME , a prototype leveraging RF to strike a balance between fuzzing efficiency and effectiveness through customized scheduling and mutation strategies, armed with a refinement mechanism to improve seed quality distribution. Our evaluations validate that YOME reproduces 110% more bugs than previous kernel fuzzers and demonstrate its practicality in real-world scenarios. YOME generated 125 PoCs (30.1% of the total) and uncovered 23 unique bugs, with 40 confirmed and 5 assigned CVEs. |
| 资助项目 | National Natural Science Foundation of China (NSFC)[62272442] ; National Natural Science Foundation of China (NSFC)[61902374] ; National Natural Science Foundation of China (NSFC)[U1736208] ; Innovation Funding of the Institute of Computing Technology (ICT), Chinese Academy of Sciences (CAS)[E161040] |
| WOS研究方向 | Computer Science ; Engineering |
| 语种 | 英语 |
| WOS记录号 | WOS:001525472200001 |
| 出版者 | IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC |
| 源URL | [http://119.78.100.204/handle/2XEOYT63/42030]  |
| 专题 | 中国科学院计算技术研究所期刊论文_英文 |
| 通讯作者 | Wu, Chenggang |
| 作者单位 | 1.Informat Engn Univ, Zhengzhou 450001, Peoples R China 2.Chinese Acad Sci, Inst Comp Technol, SKLP, Beijing 056001, Peoples R China 3.Univ Chinese Acad Sci, Beijing 056001, Peoples R China 4.Natl Univ Def Technol, Changsha 410073, Peoples R China |
| 推荐引用方式 GB/T 7714 | Li, Xingwei,Kang, Yan,Wu, Chenggang,et al. Yesterday Once MorE: Facilitating Linux Kernel Bug Reproduction via Reverse Fuzzing[J]. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY,2025,20:5224-5239. |
| APA | Li, Xingwei.,Kang, Yan.,Wu, Chenggang.,Liu, Danjun.,Wang, Jiming.,...&Wei, Qiang.(2025).Yesterday Once MorE: Facilitating Linux Kernel Bug Reproduction via Reverse Fuzzing.IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY,20,5224-5239. |
| MLA | Li, Xingwei,et al."Yesterday Once MorE: Facilitating Linux Kernel Bug Reproduction via Reverse Fuzzing".IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 20(2025):5224-5239. |
入库方式: OAI收割
来源:计算技术研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。