KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities
Linux kernel vulnerability reproduction is a critical task in system security. To reproduce a kernel vulnerability, both a vulnerable environment and a Proof of Concept (PoC) program are needed. Most existing research focuses on PoC generation, while construction of the environment is overlooked. However, establishing an effective vulnerable environment that actually triggers the vulnerability is challenging. Firstly, it is hard to guarantee that the kernel version selected for reproduction is vulnerable, because the affected-version claims in online databases are occasionally incorrect. Secondly, many vulnerabilities cannot be reproduced in kernels built with the default configuration: intricate non-default kernel configurations must be set to include and trigger the vulnerable code, yet little information is available on how to recognize these configurations.
KernJC is a vulnerability reproduction tool for the Linux kernel. Its goal is to construct reproducible environments for Linux kernel vulnerabilities, in which a genuinely vulnerable kernel version is compiled with the kernel configs required to make the vulnerability present and triggerable.
Main Features:
- Auto-detect and avoid spurious vulnerable version claims from online databases (e.g., NVD).
- Auto-resolve vulnerability-related kernel config dependencies.
- Docker-like interface for vulnerability reproduction process management.
- Incremental update of the local knowledge base (information about vulnerabilities and patches).
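To illustrate what "resolving kernel config dependencies" involves, here is an added example (not KernJC's own code) that walks the "depends on" and "select" chain of a target config symbol and emits the .config fragment needed to enable it. The Kconfig excerpt is constructed and simplified for the example; it is not copied from the kernel tree, and only "&&" conjunctions are handled.

```python
import re

# Constructed, simplified Kconfig excerpt (not from the kernel tree).
KCONFIG_SAMPLE = """
config NET
	bool "Networking support"
config NETFILTER
	bool "Network packet filtering framework"
	depends on NET
config NETFILTER_NETLINK
	tristate
	depends on NETFILTER
config NF_TABLES
	tristate "Netfilter nf_tables support"
	depends on NETFILTER
	select NETFILTER_NETLINK
config MULTIUSER
	bool "Multiple users"
config NAMESPACES
	bool "Namespaces support"
config USER_NS
	bool "User namespace"
	depends on MULTIUSER && NAMESPACES
"""

def parse_kconfig(text):
    """Return {symbol: (depends, selects)} from a simplified Kconfig excerpt."""
    symbols, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"config\s+(\w+)$", line):
            current = m.group(1)
            symbols[current] = ([], [])
        elif current and (m := re.match(r"depends on\s+(.+)$", line)):
            # Only "A && B" style conjunctions; "||" and "!" are out of scope here.
            symbols[current][0].extend(re.findall(r"\w+", m.group(1)))
        elif current and (m := re.match(r"select\s+(\w+)", line)):
            symbols[current][1].append(m.group(1))
    return symbols

def resolve_config(symbols, target):
    """Transitive closure of symbols that must be enabled for `target`."""
    needed, stack = set(), [target]
    while stack:
        sym = stack.pop()
        if sym in needed:
            continue
        if sym not in symbols:
            raise KeyError(f"unknown config symbol {sym}")
        needed.add(sym)
        deps, sels = symbols[sym]
        stack.extend(deps + sels)
    return needed

def config_fragment(symbols, target):
    """Render the closure as .config lines (tristate collapsed to =y), sorted."""
    return "\n".join(f"CONFIG_{s}=y" for s in sorted(resolve_config(symbols, target)))
```

Running config_fragment(parse_kconfig(KCONFIG_SAMPLE), "NF_TABLES") yields the four CONFIG_*=y lines a build would need before the nf_tables code is even compiled in.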
The workflow of KernJC is shown below: