FUZE - Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities

Explore a conference talk on FUZE, a framework designed to facilitate exploit generation for kernel Use-After-Free (UAF) vulnerabilities. Delve into the challenges of accurately determining exploitability and the need for automated techniques. Learn how FUZE combines kernel fuzzing with symbolic execution to identify and analyze system calls useful for kernel UAF exploitation. Discover the framework's implementation on a 64-bit Linux system and its effectiveness in escalating exploitability and diversifying working exploits for 15 real-world kernel UAF vulnerabilities. Gain insights into how FUZE can aid in security mitigation bypassing and make exploitability evaluation more efficient and less labor-intensive.

Intro
Background (cont.)
Crafting an Exploit for Kernel Use-After-Free
Needs Intensive Manual Efforts
Needs Extensive Expertise in Kernel
Needs Security Expertise
Some Past Research Potentially Tackling the Challenges
A Real World Example (CVE-2017-15649)
No Primitive Needed for Exploitation
Roadmap
FUZE - Extracting Critical Info.
FUZE - Performing Kernel Fuzzing
FUZE - Performing Symbolic Execution
Useful primitive identification
Case Study (cont)
Discussion on Failure Cases
Conclusion
Questions
THE ADVANCED COMPUTING SYSTEMS ASSOCIATION