GREBE is an object-driven tool to identify Multiple Error Behavior of kernel bugs. GREBE consists of two components -- a static analysis tool to identify critical kernel objects of triggering the bug, and a fuzzing tool based Syzkaller to find its other error behavior. Refer to our paper for more details.
You find a low-severity bug in kernel, and would like to know the true effect of the bug. Examples: CVE-2021-3715
You find a high-severity bug, and would like to know the bug's other memory corruption capability.
see here
patch [target_kernel_dir]/kernel/kcov.c -p1 < ./kernel.patchexport OBJ_FILE=[the_absolute_path_to_the_file_containing_critical_objects]
make CC=[path_to_our_gcc] -j`nproc`The fuzzer works like Syzkaller. It is noted that you should pass a POC to the syz-manager with -auxiliary flag.
@INPROCEEDINGS{9833683,
author={Lin, Zhenpeng and Chen, Yueqi and Wu, Yuhang and Mu, Dongliang and Yu, Chensheng and Xing, Xinyu and Li, Kang},
booktitle={2022 IEEE Symposium on Security and Privacy (SP)},
title={GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs},
year={2022},
pages={2078-2095},
doi={10.1109/SP46214.2022.9833683}
}