Fuzzing Host-to-Guest Attack Surface in Android Protected KVM

Explore the security implications of Android 13's native virtualization services built on Protected KVM (pKVM) for arm64 devices in this informative conference talk. Delve into the analysis of the new attack surface exposed by guest device drivers processing untrusted input from potentially malicious host-emulated devices. Learn about a fuzzing solution based on the Linux Kernel Library (LKL) project, designed to identify vulnerabilities in virtio front-end and PCI device drivers. Discover the details of implementing this fuzzing technique in the context of pKVM, examine interesting findings, and understand how this tool can be applied more broadly in the Linux kernel. Gain insights into the challenges, existing efforts, and future work in mitigating host-to-guest attack vectors in Android Protected KVM.

Introduction
Android Protected KVM
Security Concepts
Attack Surface
Existing efforts
Why fuzz
Challenges
LKL
Overview
Use Case
Code
Example
Root Cause
Patches
Issues
Conclusion
Future work
Questions