NecoFuzz: Effective Fuzzing of Nested Virtualization via Fuzz-Harness Virtual Machines
- URL: http://arxiv.org/abs/2512.08858v1
- Date: Tue, 09 Dec 2025 17:50:32 GMT
- Title: NecoFuzz: Effective Fuzzing of Nested Virtualization via Fuzz-Harness Virtual Machines
- Authors: Reima Ishii, Takaaki Fukai, Takahiro Shinagawa
- Abstract summary: We present NecoFuzz, the first fuzzing framework that systematically targets nested virtualization-specific logic. We implement NecoFuzz on Intel VT-x and AMD-V by extending AFL++ to support fuzz-harness VMs.
- Score: 0.7646713951724009
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Nested virtualization is now widely supported by major cloud vendors, allowing users to leverage virtualization-based technologies in the cloud. However, supporting nested virtualization significantly increases host hypervisor complexity and introduces a new attack surface in cloud platforms. While many prior studies have explored hypervisor fuzzing, none has explicitly addressed nested virtualization due to the challenge of generating effective virtual machine (VM) instances with a vast state space as fuzzing inputs. We present NecoFuzz, the first fuzzing framework that systematically targets nested virtualization-specific logic in hypervisors. NecoFuzz synthesizes executable fuzz-harness VMs with internal states near the boundary between valid and invalid, guided by an approximate model of hardware-assisted virtualization specifications. Since vulnerabilities in nested virtualization often stem from incorrect handling of unexpected VM states, this specification-guided, boundary-oriented generation significantly improves coverage of security-critical code across different hypervisors. We implemented NecoFuzz on Intel VT-x and AMD-V by extending AFL++ to support fuzz-harness VMs. NecoFuzz achieved 84.7% and 74.2% code coverage for nested virtualization-specific code on Intel VT-x and AMD-V, respectively, and uncovered six previously unknown vulnerabilities across three hypervisors, including two assigned CVEs.
Related papers
- Mobile-VTON: High-Fidelity On-Device Virtual Try-On [75.5009105664896]
  Mobile-VTON is a high-quality, privacy-preserving framework for virtual try-on. It enables fully offline virtual try-on on commodity mobile devices using only a single user image and a garment image.
  arXiv Detail & Related papers (2026-03-01T06:36:13Z)
- Side-Channel Attacks on Open vSwitch [1.1352077875520463]
  The Open vSwitch (OVS) is one of the most popular software-based virtual switches. We present three remote attacks via OVS, breaking the confidentiality in covert environments.
  arXiv Detail & Related papers (2026-01-22T04:12:03Z)
- Breaking Isolation: A New Perspective on Hypervisor Exploitation via Cross-Domain Attacks [36.844941042404315]
  Cross-Domain Attacks are a class of exploitation techniques that enable capability escalation through guest memory reuse. We develop a system that identifies cross-domain gadgets, matches them with corrupted pointers, synthesizes triggering inputs, and assembles complete exploit chains.
  arXiv Detail & Related papers (2025-12-03T20:55:26Z)
- TensorHyper-VQC: A Tensor-Train-Guided Hypernetwork for Robust and Scalable Variational Quantum Computing [50.95799256262098]
  We introduce TensorHyper-VQC, a novel tensor-train (TT)-guided hypernetwork framework for quantum machine learning. Our framework delegates the generation of quantum circuit parameters to a classical TT network, effectively decoupling optimization from quantum hardware. These results position TensorHyper-VQC as a scalable and noise-resilient framework for advancing practical quantum machine learning on near-term devices.
  arXiv Detail & Related papers (2025-08-01T23:37:55Z)
- Goldilocks Isolation: High Performance VMs with Edera [0.0]
  In containerization, multiple applications share the same kernel, reducing the runtime overhead. This has led to a proliferation of container escape attacks in which a kernel exploit lets an attacker escape the isolation of operating system virtualization. We present Edera, an optimized type 1 hypervisor that uses paravirtualization to improve the runtime of containerization.
  arXiv Detail & Related papers (2025-01-08T15:51:02Z)
- Efficient High-Resolution Visual Representation Learning with State Space Model for Human Pose Estimation [60.80423207808076]
  Capturing long-range dependencies while preserving high-resolution visual representations is crucial for dense prediction tasks such as human pose estimation. We propose the Dynamic Visual State Space (DVSS) block, which augments visual state space models with multi-scale convolutional operations. We build HRVMamba, a novel model for efficient high-resolution representation learning.
  arXiv Detail & Related papers (2024-10-04T06:19:29Z)
- WeSee: Using Malicious #VC Interrupts to Break AMD SEV-SNP [2.8436446946726557]
  AMD SEV-SNP offers VM-level trusted execution environments (TEEs) to protect sensitive cloud workloads. The WeSee attack injects malicious #VC into a victim VM's CPU to compromise the security guarantees of AMD SEV-SNP. Case studies demonstrate that WeSee can leak sensitive VM information (kTLS keys for NGINX), corrupt kernel data (firewall rules), and inject arbitrary code.
  arXiv Detail & Related papers (2024-04-04T15:30:13Z)
- Heckler: Breaking Confidential VMs with Malicious Interrupts [2.650561978417805]
  Heckler is a new attack wherein the hypervisor injects malicious non-timer interrupts to break the confidentiality and integrity of CVMs. With AMD SEV-SNP and Intel TDX, we demonstrate Heckler on OpenSSH and to bypass authentication.
  arXiv Detail & Related papers (2024-04-04T11:37:59Z)
- HyperVQ: MLR-based Vector Quantization in Hyperbolic Space [56.4245885674567]
  A common solution is to employ Vector Quantization (VQ) within VQ Variational Autoencoders (VQVAEs). We introduce HyperVQ, a novel approach that formulates VQ as a hyperbolic Multinomial Logistic Regression (MLR) problem. Our experiments demonstrate that HyperVQ matches traditional VQ in generative and reconstruction tasks, while surpassing it in discriminative performance.
  arXiv Detail & Related papers (2024-03-18T03:17:08Z)
- VN Network: Embedding Newly Emerging Entities with Virtual Neighbors [59.906332784508706]
  We propose a novel framework, namely the Virtual Neighbor (VN) network, to address three key challenges. First, to reduce the neighbor sparsity problem, we introduce the concept of virtual neighbors inferred by rules. Secondly, we identify both logic and symmetric path rules to capture complex patterns.
  arXiv Detail & Related papers (2024-02-21T03:04:34Z)
- VMamba: Visual State Space Model [98.0517369083152]
  We adapt Mamba, a state-space language model, into VMamba, a vision backbone with linear time complexity. At the core of VMamba is a stack of Visual State-Space (VSS) blocks with the 2D Selective Scan (SS2D) module.
  arXiv Detail & Related papers (2024-01-18T17:55:39Z)
- FSD V2: Improving Fully Sparse 3D Object Detection with Virtual Voxels [57.05834683261658]
  We present FSDv2, an evolution that aims to simplify the previous FSDv1 while eliminating the inductive bias introduced by its handcrafted instance-level representation. We develop a suite of components to complement the virtual voxel concept, including a virtual voxel encoder, a virtual voxel mixer, and a virtual voxel assignment strategy.
  arXiv Detail & Related papers (2023-08-07T17:59:48Z)