RTCON: Context-Adaptive Function-Level Fuzzing for RTOS Kernels

Eunkyu Lee

Network and Distributed System Security (NDSS) Symposium 2026 · Day 3 · Fuzzing

Real-Time Operating System (RTOS) kernels power billions of IoT and embedded devices, providing Bluetooth stacks, Wi-Fi modules, and custom interfaces. Many lack security mitigations such as ASLR, which makes even simple vulnerabilities severely exploitable. This talk presents **RTCON**, a function-level fuzzing framework that overcomes the key limitation of existing RTOS fuzzers: their inability to reach deeply nested functions where most vulnerabilities reside. RTCON solves this through **adaptive context generation**, which dynamically creates valid function context at runtime, combined with **multi-layer classification** to distinguish genuine bugs from false positives.

AI review

A practical fuzzing contribution for RTOS kernels that solves the real problem of reaching deeply nested functions without manual harness construction. The adaptive context generation is technically clean, the multi-layer classification (92.7% precision) addresses the false-positive problem that plagues function-level fuzzing, and 14 CVEs across four major RTOS kernels is a solid bug yield. Not groundbreaking but useful.
