BSidesVienna 0x7EA

Net Shredder: Coverage-Guided Network Fuzzing for the Linux Kernel
06-27, 13:15–14:00 (Europe/Vienna), Mittlerer Saal (Track 1)

Net Shredder is a network coverage-guided fuzzer for the Linux kernel. Built with a modular approach, and focused on the ease of use, it could be adapted to fuzz other types of targets (e.g., usermode applications) as well. During development, it found three remote vulnerabilities in the Linux kernel, one of which resulted in CVE-2025-22037.


Net Shredder was built out of desire to build the simplest fuzzing setup possible for the Linux kernel:

  • Unlike grammar based fuzzing, this approach doesn’t require rewriting the protocol spec in terms of fuzzer grammar;
  • Just a basic setup and a fuzzing corpus is enough;
  • Only small target modifications required.

This talks covers building it as a solo project I did in 2025:

  • Collecting remote KCOV outside process context, turning raw PCs into edge coverage
  • The struggle of restricting coverage to the targeted subsystem (2 failed and the one that worked)
  • Three bugs it found, including CVE-2025-22037 with bug analysis.
See also: Slides

Slava is a security researcher with 15 years of experience in information security. He has found more than 60 zero-day security vulnerabilities in IoT devices, Windows, and Linux applications. Currently working in the automotive field, his greatest interests are embedded systems and Linux internals.