Preprint
Article

This version is not peer-reviewed.

Hybrid Taint-Guided Kernel Fuzzing with Selective State Propagation

Submitted:

30 December 2025

Posted:

31 December 2025


Abstract
We integrate static taint analysis with dynamic fuzzing to steer fuzzing toward high-impact kernel code paths. A pruning mechanism discards irrelevant taint propagation, and symbolic constraints are applied only to tainted regions so that symbolic-execution overhead stays bounded. Evaluated on 18 kernel subsystems, the hybrid fuzzer achieves 44% more hits on taint-relevant paths and identifies 13 bugs, including buffer overflows and pointer dereferences. Symbolic overhead remains limited (≤18%) because of the selective propagation. This hybrid design efficiently directs fuzzing toward semantically meaningful kernel logic, demonstrating a productive balance between taint tracking and dynamic mutation.
Copyright: This open access article is published under a Creative Commons CC BY 4.0 license, which permits free download, distribution, and reuse, provided that the author and preprint are cited in any reuse.

Preprints.org is a free preprint server supported by MDPI in Basel, Switzerland.

© 2025 MDPI (Basel, Switzerland) unless otherwise stated