Analyzing the Linux Kernel in Userland with AFL and KLEE
At GRIMM we do a lot of vulnerability research, and one of our favorite techniques for finding bugs in software is to repurpose or extend security tools from one area of research to another. One great example of this is when Juwei Lin and Lilang Wu ported syzkaller, the popular Linux kernel fuzzer, to macOS. Their research uncovered several bugs in the macOS kernel, including two that they were able to exploit to perform a local privilege escalation.

As part of a side project here at GRIMM, we have been analyzing the RHEL 7.7 kernel. To help analyze the kernel, we modified several portions of it to work with existing tools typically used in Linux userland vulnerability research. The Linux userland environment has a much wider range of tools available to help w