KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities
arxiv(2024)
摘要
Linux kernel vulnerability reproduction is a critical task in system
security. To reproduce a kernel vulnerability, the vulnerable environment and
the Proof of Concept (PoC) program are needed. Most existing research focuses
on the generation of PoC, while the construction of environment is overlooked.
However, establishing an effective vulnerable environment to trigger a
vulnerability is challenging. Firstly, it is hard to guarantee that the
selected kernel version for reproduction is vulnerable, as the vulnerability
version claims in online databases can occasionally be spurious. Secondly, many
vulnerabilities can not be reproduced in kernels built with default
configurations. Intricate non-default kernel configurations must be set to
include and trigger a kernel vulnerability, but less information is available
on how to recognize these configurations.
To solve these challenges, we propose a patch-based approach to identify real
vulnerable kernel versions and a graph-based approach to identify necessary
configs for activating a specific vulnerability. We implement these approaches
in a tool, KernJC, automating the generation of vulnerable environments for
kernel vulnerabilities. To evaluate the efficacy of KernJC, we build a dataset
containing 66 representative real-world vulnerabilities with PoCs from kernel
vulnerability research in the past five years. The evaluation shows that KernJC
builds vulnerable environments for all these vulnerabilities, 48.5
require non-default configs, and 4 have incorrect version claims in the
National Vulnerability Database (NVD). Furthermore, we conduct large-scale
spurious version detection on kernel vulnerabilities and identify 128
vulnerabilities which have spurious version claims in NVD. To foster future
research, we release KernJC with the dataset in the community.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要