No Fuzzer has been there yet: Finding Bugs in Linux Wireless Stacks
12-29, 19:00–20:00 (Europe/Berlin), HIP - Track 1 - Room 5
Language: English

Everything started with a Python script that helped discover a memory leak in the Linux Bluetooth stack. After expanding it to a rock-solid fuzzer targeting the Linux Bluetooth stack and discovering more bugs, we extend it to Wi-Fi. 💥 BOOM 💥! A heap overflow (CVE-2022-41674) and more severe vulnerabilities that do not require user interaction and also affect Android devices.

This talk introduces how (kernel) fuzzing works and how our fuzzer for Linux wireless interfaces works specifically. I will show some issues we stumbled upon and how we solved them. Finally, I discuss some of the vulnerabilities it found and will provide some insight into the disclosure process.

This talk is beginner-friendly: If you have never heard of Fuzzing or do not have any pre-knowledge regarding security, don't worry but please come and you will learn something new and interesting. :)

See also: Slides (PDF) (3.0 MB)

After obtaining his master degree in computer science at TU Darmstadt, Sönke currently works as security researcher at the Secure Mobile Networking Lab (TU Darmstadt).