Skip to content

Markakd/GREBE

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GREBE

GREBE is an object-driven tool to identify Multiple Error Behavior of kernel bugs. GREBE consists of two components -- a static analysis tool to identify critical kernel objects of triggering the bug, and a fuzzing tool based Syzkaller to find its other error behavior. Refer to our paper for more details.

Usage scenario

You find a low-severity bug in kernel, and would like to know the true effect of the bug. Examples: CVE-2021-3715

You find a high-severity bug, and would like to know the bug's other memory corruption capability.

How to use fuzzer

Identify critical objects with the analyzer

see here

Patch kernel to support object coverage feedback

patch [target_kernel_dir]/kernel/kcov.c -p1 < ./kernel.patch

Build kernel with our gcc

export OBJ_FILE=[the_absolute_path_to_the_file_containing_critical_objects]
make CC=[path_to_our_gcc] -j`nproc`

Run the fuzzer

The fuzzer works like Syzkaller. It is noted that you should pass a POC to the syz-manager with -auxiliary flag.

Acknowledge

@INPROCEEDINGS{9833683,
author={Lin, Zhenpeng and Chen, Yueqi and Wu, Yuhang and Mu, Dongliang and Yu, Chensheng and Xing, Xinyu and Li, Kang},
booktitle={2022 IEEE Symposium on Security and Privacy (SP)},
title={GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs},
year={2022},
pages={2078-2095},
doi={10.1109/SP46214.2022.9833683}
}

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published