DetecVFuzz: Enhancing Security in Consumer Electronic Devices Through Scalable Vulnerability Testing of Virtual Devices

Xi Xiao, Yongjian Guo, Alireza Jolfaei, Chuan Chen, Mohammad Sayad Haghighi, Sheng Wen, Yuanyi Lin

Research output: Contribution to journal › Article › peer-review

Abstract

The interconnection facilitated by consumer electronics has led to the creation of a complex network of devices. The testing efficiency of such consumer electronic devices can be improved through hardware emulation; QEMU is a classical emulator for simulation and testing. Fuzzing is a promising solution for testing the security of such devices and has become pivotal in identifying device vulnerabilities. However, Qtest libfuzzer, the QEMU native fuzzer, requires manually written stub code, which makes the fuzzing process difficult to conduct and yields poor performance. To address these challenges in virtual device security analysis, we propose DetecVFuzz, a novel automatic fuzzing framework based on QEMU-Qtest that aims to find vulnerabilities in virtual PCI devices, including USB, audio, and network devices. We inject mutated inputs into nested data structures used as parameters of memory-related APIs, so that the VM procedures keep operating stably. We implemented DetecVFuzz and evaluated it on different virtual devices, such as the virtual memory USB stack and drivers. In preliminary evaluations on nine recent versions of QEMU, we found 15 new memory errors in virtual devices. Overall, DetecVFuzz achieves 89.37% line coverage and 78.65% branch coverage in virtual devices. We identified 26 new crashes/errors, three of which were previously unseen bugs.

Original language: English
Number of pages: 12
Journal: IEEE Transactions on Consumer Electronics
DOIs
Publication status: E-pub ahead of print - 3 Jan 2025

Keywords

  • application virtualization
  • computer security
  • consumer electronics
  • Fuzzing
  • QEMU testing
  • vulnerability
