
SyzParam: Introducing Runtime Parameters into Kernel Driver Fuzzing

Categories: Cryptography and Security; Operating Systems. Submitted 2025-01-20 (v1)

Abstract

This paper introduces SyzParam, a novel fuzzing framework that incorporates runtime parameters into the fuzzing process. Achieving this requires addressing several key challenges: valid-value extraction, inter-device relation construction, and fuzz-engine integration. By inspecting the data structures and functions associated with the LKDM, our tool extracts runtime parameters across a wide range of drivers through static analysis. SyzParam also collects inter-device relations and identifies which runtime parameters are associated with which drivers. Building on these relations, SyzParam proposes a novel mutation strategy that prioritizes modifying a parameter while the driver it influences is being executed. Our evaluation shows that SyzParam outperforms existing fuzzing work in both driver code coverage and bug-detection capability. To date, we have identified 30 unique bugs in the latest upstream kernels, of which 20 are confirmed and 14 have been patched in the mainline kernel, including 9 CVEs.
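The three steps the abstract names, static extraction of runtime parameters with valid-value hints, an inter-device relation table, and relation-aware mutation, are sketched below as an added example. This is not SyzParam's code and does not reproduce its analysis; it is a userspace model of the idea. Assumptions: runtime parameters are represented here only as `module_param()` / `module_param_named()` declarations (exposed under `/sys/module/<module>/parameters/<name>` when the permission argument is non-zero, writable by root when a write bit is set); valid-value hints are recovered only from a single `if (x < lo || x > hi)` range check; the module names, source lines and the `RELATIONS` table are all constructed for the demonstration; the final "apply" step is a dry run that returns the sysfs path and the value instead of writing to it.

```python
"""Relation-aware runtime-parameter mutation for a driver fuzzer (added example).

Steps modelled on constructed input:
  1. extract runtime parameters from module_param() declarations, plus a
     valid-value hint from a simple range check on the backing variable;
  2. look up an inter-device relation table (driver under test -> modules
     whose parameters influence it);
  3. mutate, preferring writable parameters related to the driver being
     exercised, and emit (sysfs path, value) pairs as a dry run.
"""
import random
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample source: not real driver code, just plausible lines.
SAMPLE_SOURCE = {
    "usbnet": """
static int rx_urb_size = 1536;
module_param(rx_urb_size, int, 0644);
static bool turbo_mode = true;
module_param(turbo_mode, bool, 0644);
static int debug_level;
module_param_named(debug, debug_level, int, 0);
    if (rx_urb_size < 64 || rx_urb_size > 16384)
        return -EINVAL;
""",
    "hid_core": """
static unsigned int hid_mousepoll_interval;
module_param_named(mousepoll, hid_mousepoll_interval, uint, 0644);
""",
}

# Constructed relation table: driver under test -> modules it depends on.
RELATIONS = {"smsc95xx": {"usbnet"}, "hid_generic": {"hid_core"}}

# Only octal permission literals are handled (S_IRUGO-style macros are not).
PARAM_RE = re.compile(
    r"\bmodule_param\(\s*(?P<var>\w+)\s*,\s*(?P<type>\w+)\s*,\s*(?P<perm>0[0-7]*)\s*\)")
PARAM_NAMED_RE = re.compile(
    r"\bmodule_param_named\(\s*(?P<name>\w+)\s*,\s*(?P<var>\w+)\s*,"
    r"\s*(?P<type>\w+)\s*,\s*(?P<perm>0[0-7]*)\s*\)")
RANGE_RE = re.compile(
    r"if\s*\(\s*(?P<var>\w+)\s*<\s*(?P<lo>-?\d+)\s*\|\|\s*(?P=var)\s*>\s*(?P<hi>-?\d+)\s*\)")


@dataclass
class Param:
    module: str
    name: str            # sysfs attribute name
    var: str             # C variable backing the parameter
    ctype: str
    perm: int
    lo: Optional[int] = None
    hi: Optional[int] = None

    @property
    def writable(self) -> bool:
        # perm 0 means the parameter is not exposed in sysfs at all;
        # otherwise a write bit (0o222) must be present.
        return self.perm != 0 and (self.perm & 0o222) != 0

    @property
    def path(self) -> str:
        return f"/sys/module/{self.module}/parameters/{self.name}"


def extract_params(module: str, source: str) -> list:
    """Step 1: static extraction of parameters and a range-check hint."""
    params = []
    for m in PARAM_RE.finditer(source):
        params.append(Param(module, m["var"], m["var"], m["type"], int(m["perm"], 8)))
    for m in PARAM_NAMED_RE.finditer(source):
        params.append(Param(module, m["name"], m["var"], m["type"], int(m["perm"], 8)))
    by_var = {p.var: p for p in params}
    for m in RANGE_RE.finditer(source):
        p = by_var.get(m["var"])
        if p is not None:
            p.lo, p.hi = int(m["lo"]), int(m["hi"])
    return params


def candidate_values(p: Param) -> list:
    """Valid-value set: type-driven defaults plus values straddling the range check."""
    if p.ctype == "bool":
        return ["0", "1"]
    vals = [0, 1, -1, 2**31 - 1, 2**32 - 1]
    if p.lo is not None:
        vals += [p.lo - 1, p.lo, p.hi, p.hi + 1]   # rejected/accepted edges
    return [str(v) for v in dict.fromkeys(vals)]     # dedup, keep order


def choose_parameter(target: str, params: list, rng: random.Random, related_weight: int = 4):
    """Step 2/3: weight writable parameters of related modules above the rest."""
    pool = [p for p in params if p.writable]
    if not pool:
        return None
    related = RELATIONS.get(target, set()) | {target}
    weights = [related_weight if p.module in related else 1 for p in pool]
    return rng.choices(pool, weights=weights, k=1)[0]


def mutate(p: Param, rng: random.Random) -> str:
    """Mostly pick from the extracted valid set; sometimes a fully random integer."""
    if p.ctype == "bool" or rng.random() < 0.75:
        return rng.choice(candidate_values(p))
    return str(rng.randint(-(2**31), 2**32 - 1))


def run_campaign(target: str, params: list, seed: int = 0, rounds: int = 200) -> list:
    """Dry run: returns the (sysfs path, value) writes a fuzzer would issue."""
    rng = random.Random(seed)
    plan = []
    for _ in range(rounds):
        p = choose_parameter(target, params, rng)
        plan.append((p.path, mutate(p, rng)))
    return plan


if __name__ == "__main__":
    all_params = [p for mod, src in SAMPLE_SOURCE.items() for p in extract_params(mod, src)]
    for path, value in run_campaign("smsc95xx", all_params, seed=7, rounds=8):
        print(f"echo {value} > {path}")
```

On a real target the dry-run tuples would be written by a root-privileged executor between driver-exercising syscalls; the weighting is what makes the parameter change land while the related driver is running rather than at a random point in the campaign.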

Cite

@article{arxiv.2501.10002,
  title  = {SyzParam: Introducing Runtime Parameters into Kernel Driver Fuzzing},
  author = {Yue Sun and Yan Kang and Chenggang Wu and Kangjie Lu and Jiming Wang and Xingwei Li and Yuhao Hu and Jikai Ren and Yuanming Lai and Mengyao Xie and Zhe Wang},
  journal= {arXiv preprint arXiv:2501.10002},
  year   = {2025}
}

Comments

15 pages, 9 figures
