Mitigating Security Risks in Linux with KLAUS: A Method for Evaluating Patch Correctness


Yuhang Wu and Zhenpeng Lin, Northwestern University; Yueqi Chen, University of Colorado Boulder; Dang K Le, Northwestern University; Dongliang Mu, Huazhong University of Science and Technology; Xinyu Xing, Northwestern University


The Linux kernel's growth introduces daily bugs that are often detected and eliminated using code analyzers. However, creating accurate Linux patches remains challenging and poses security risks. To address this, we manually analyzed 182 incorrectly developed Linux kernel patches and discovered that the inaccuracies usually result from changes to variable read and write operations by the patch. Based on this finding, we created KLAUS, a new method for evaluating patch quality.

KLAUS leverages abstract interpretation to extract modified read and write operations caused by the patch in the Linux kernel. It combines these alterations with branch-resolving mechanisms to guide a kernel fuzzer toward relevant code and contexts. Testing KLAUS on numerous real-world Linux kernel patches demonstrates its superior effectiveness and efficiency in detecting incorrectly developed patches. So far, KLAUS has identified and reported 30 incorrect patches to the Linux community, some of which could enable privilege escalation on Android and Ubuntu systems.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {291267,
author = {Yuhang Wu and Zhenpeng Lin and Yueqi Chen and Dang K Le and Dongliang Mu and Xinyu Xing},
title = {Mitigating Security Risks in Linux with {KLAUS}: A Method for Evaluating Patch Correctness},
booktitle = {32nd USENIX Security Symposium (USENIX Security 23)},
year = {2023},
isbn = {978-1-939133-37-3},
address = {Anaheim, CA},
pages = {4247--4264},
url = {},
publisher = {USENIX Association},
month = aug

Presentation Video