Linux Security Summit North America 2025

The popularity of fuzzing has led to its tight integration
into the software development process as a routine part
of the build and test, i.e., continuous fuzzing. This has
resulted in a substantial increase in the reporting of bugs
in open-source software, including the Linux kernel. To
keep up with the volume of bugs, it is crucial to automatically analyze the bugs to assist developers and maintain-
ers. Bug bisection, i.e., locating the commit that introduced a vulnerability, is one such analysis that can reveal
the range of affected software versions and help bug prioritization and patching. However, existing automated
solutions fall short in a number of ways: most of them either (1) directly run the same PoC on older software ver-
sions without adapting to changes in bug-triggering conditions and are prone to broken dynamic environments
or (2) require patches that may not be available when
the bug is discovered. In this work, we take a different approach to looking for evidence of fuzzer-exposed
vulnerabilities by looking for the underlying bug logic.
In this way, we can perform bug bisection much more
precisely and accurately.