SyzBridge: Bridging the Gap in Exploitability Assessment of Linux Kernel Bugs in the Linux Ecosystem

Xiaochen Zou

Network and Distributed System Security (NDSS) Symposium 2024 · Day 2 · Software Security

Continuous fuzzing, exemplified by platforms like **syzbot**, has become an indispensable component of the Linux kernel development ecosystem, successfully unearthing thousands of bugs. However, a significant and puzzling disparity exists: despite numerous bugs being classified as high-risk by advanced exploitability assessment tools such as SyzScope and KOOBE, only a minuscule fraction ever translate into real-world exploits against production Linux distributions like Ubuntu or Fedora. This talk, presented by Xiaochen Zou, critically examines this "exploitability gap," challenging the prevailing assumption that Proof-of-Concepts (PoCs) developed for upstream, development-oriented kernels will seamlessly apply to the diverse landscape of downstream production kernels.
