Automatic Hot Patch Generation for Android Kernels


Zhengzi Xu, Nanyang Technological University; Yulong Zhang, Longri Zheng, Liangzhao Xia, and Chenfu Bao, Baidu X-Lab; Zhi Wang, Florida State University; Yang Liu, Nanyang Technological University


The rapid growth of the Android ecosystem has led to the fragmentation problem where a wide range of (customized) versions of Android OS exist in the market. This poses a severe security issue as it is very costly for Android vendors to fix vulnerabilities in their customized Android kernels in time. The recent development of the hot patching technique provides an ideal solution to solve this problem since it can be applied to a wide range of Android kernels without interrupting their normal functionalities. However, the current hot patches are written by human experts, which can be time-consuming and error-prone.

To this end, we first study the feasibility of automatic patch generation from 373 Android kernel CVEs ranging from 2012 to 2016. Then, we develop an automatic hot patch generation tool, named VULMET, which produces semantic preserving hot patches by learning from the official patches. The key idea of VULMET is to use the weakest precondition reasoning to transform the changes made by the official patches into the hot patch constraints. The experiments have shown that VULMET can generate correct hot patches for 55 real-world Android kernel CVEs. The hot patches do not affect the robustness of the kernels and have low performance overhead.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {244040,
author = {Zhengzi Xu and Yulong Zhang and Longri Zheng and Liangzhao Xia and Chenfu Bao and Zhi Wang and Yang Liu},
title = {Automatic Hot Patch Generation for Android Kernels},
booktitle = {29th {USENIX} Security Symposium ({USENIX} Security 20)},
year = {2020},
isbn = {978-1-939133-17-5},
pages = {2397--2414},
url = {},
publisher = {{USENIX} Association},
month = aug,

Presentation Video

Download Video