Fuzzing for eBPF JIT bugs in the Linux kernel
Inspired by Manfred Paul's amazing write-up of an eBPF JIT verifier bug, I wanted to find out if there have been any significant changes to the Linux eBPF verifier since the publication of Manfred's bug and if there was an easy way to fuzz the verifier.
As it turns out, the commit that fixed the issue reported by Manfred earlier this year introduced a new bug into the verifier, namely CVE-2020-27194.