To Boldly Go Where No Fuzzer Has Gone Before: Finding Bugs in Linux' Wireless Stacks through VirtIO Devices
Jan Sönke Huster, Matthias Hollick, Jiska Classen
IEEE Symposium on Security and Privacy 2024 · Day 3 · Continental Ballroom 5
In a presentation at IEEE S&P, Jan Sönke Huster, together with Matthias Hollick and Jiska Classen, presented "To Boldly Go Where No Fuzzer Has Gone Before," a paper describing a new fuzzing framework for finding vulnerabilities in Linux's wireless communication stacks. The talk introduced "Verf" (from VirtIO fuzzer), a custom fuzzer that uses **VirtIO devices** inside a **QEMU** virtual machine so that fuzz input reaches the kernel's wireless subsystems through the same device interface real hardware would use, giving both deeper coverage and more realistic inputs than prior approaches. The research points out a blind spot in existing security testing of wireless subsystems and demonstrates that Verf reaches code paths in the Linux kernel that earlier fuzzers did not exercise.
AI review
This research introduces Verf, a fuzzer that uses a custom VirtIO device to reach and test Linux's wireless stacks. By presenting itself to the kernel as real hardware and using captured network traffic as seed inputs, it found 31 severe, remotely exploitable flaws, including remote code execution bugs in the Wi-Fi and Bluetooth stacks, many of which also affect Android. This work sets a new bar for the realism and depth of kernel fuzzing.