A Comprehensive Memory Safety Analysis of Bootloaders

Jianqiang Wang

Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Hard- & Firmware Security

This presentation, delivered by Jianqiang Wang on behalf of the authors, presents a comprehensive memory safety analysis of bootloaders, a critical component in the secure boot chain of modern computing systems. The talk highlights the often-overlooked attack surface that bootloaders present and its profound impact on system security. By systematically analyzing existing vulnerabilities and developing a novel fuzzing framework, the researchers uncovered numerous new memory corruption flaws, underscoring the urgent need for enhanced security scrutiny of this foundational layer.

AI review

Solid systems security research with real deliverables: a novel VM-based, Intel PT-guided fuzzing framework targeting bootloader attack surfaces, 39 new vulnerabilities, 29 confirmed/patched, 5 CVEs. The threat model is tight, the tooling is purpose-built, and the comparison against CodeQL and Clang Static Analyzer gives the approach credibility beyond just a vuln count.