Slides for my "Coverage-guided USB Fuzzing with Syzkaller" talk
Here's a question I only came up with tonight. There seemed to be a general sentiment of the bugs not being too terribly bad, because they're hard to exploit.
But isn't that at least partially because we don't know how to properly fuzz for infoleaks?
What we can do is to try fuzzing with KMSAN enabled. That's something on my to-do list.
Might also be worth the effort to vet the crashes/DoS you found for coming from an invalid memory read with a pointer you can control.
(Could this be automated? Pin the control flow, and fuzz for control of fault address?)