Using the “World’s Worst Fuzzer” To Find A Kernel Bug In The FiiO M6

We discussed this vulnerability during Episode 192 on 28 February 2023

World’s worst fuzzer, leading to a traditional stack overflow in the kernel. Really not much to say about the vulnerability: copy_from_user with no bounds check into a fixed-size buffer on the stack. The fuzzing technique was a little fun though: just iterate over everything with write permissions and write random garbage until you get a crash.
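As an added illustration of the bug class (not code from the FiiO M6 firmware or the episode), here is the pattern side by side with its hardened form. Everything is hypothetical: the handler names, the 64-byte buffer size, and `copy_from_user`, which is a user-space stand-in for the kernel helper so the snippet compiles outside a kernel.

```c
/* Hypothetical driver write handlers modelled on the bug described above.
 * copy_from_user() here is a user-space stand-in: like the kernel helper it
 * returns the number of bytes NOT copied (0 on success). */
#include <stddef.h>
#include <string.h>
#include <errno.h>

#define CMD_BUF_LEN 64  /* assumed size of the fixed stack buffer */

static size_t copy_from_user(void *to, const void *from, size_t n)
{
    memcpy(to, from, n);
    return 0;
}

/* Bug pattern: `count` comes straight from write(2) and is never compared
 * with sizeof(buf), so a long write runs past the end of the stack buffer. */
static long vulnerable_write(const char *user_buf, size_t count)
{
    char buf[CMD_BUF_LEN];
    if (copy_from_user(buf, user_buf, count))   /* count > 64 smashes the stack */
        return -EFAULT;
    return (long)count;
}

/* Hardened form: bound the length before any copy takes place, leaving one
 * byte for a terminator so later string handling of buf is also safe. */
static long hardened_write(const char *user_buf, size_t count)
{
    char buf[CMD_BUF_LEN];
    if (count >= sizeof(buf))
        return -EINVAL;                          /* reject instead of truncating silently */
    if (copy_from_user(buf, user_buf, count))
        return -EFAULT;
    buf[count] = '\0';
    return (long)count;
}

/* Constructed sample inputs: a short command and an oversized blob of the
 * kind a write-random-garbage fuzzer would feed the handler. */
static const char constructed_ok[] = "vol=10";
static const char constructed_long[CMD_BUF_LEN * 2] = {0};
```

The hardened handler rejects the oversized write before touching the stack buffer; the vulnerable one only survives the same input by luck of what sits above `buf` on the stack.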