From proof-of-concept to exploitable
Assessing whether a vulnerability is exploitable matters to both defenders and attackers. Existing solutions usually explore the crashing path in depth and assess exploitability by searching for exploitable states along that path. However, an exploitable state does not always lie on the crashing path. This paper uses oriented fuzzing to explore paths that diverge from the vulnerability point, and presents a novel solution that generates exploits for userspace programs and facilitates the crafting of kernel use-after-free (UAF) exploits.