EPS
← All batches·2605.13246

Automatic Detection of Reference Counting Bugs in Linux Kernel Drivers

topic: current_projecttop score: 90released: 2026-05-14first surfaced: 2026-05-14arXivPDFlinked_to_results2026-05-14

Authors: Joe Hattori, Naoki Kobayashi, Ken Sakayori

arXiv · PDF

Summary

arXiv:2605. 13246v1 Announce Type: new Abstract: Reference counting bugs in Linux kernel drivers can lead to severe resource mismanagement and security vulnerabilities.

Relevance

Read next because Automatic Detection of Reference Counting Bugs in Linux Kernel Drivers overlaps with clean result "Training one persona to emit a [ZLT] marker without bystanders adopting it has a one-cell-wide LR x epochs window on Qwen2.5-7B-Instruct (LOW confidence)", clean result "The marker is a representational handle, not a behavioural one — sharing it between a villain persona and the assistant transfers no misalignment (HIGH confidence)", clean result "Longer persona system prompts pull a [ZLT] marker toward the source persona — stronger source rate and less bystander leakage across an N=48 LoRA panel on Qwen2.5-7B-Instruct (MODERATE confidence)". Matching terms: source, rate, model. Source: arxiv cs.CR (Cryptography and Security).

Abstract

arXiv:2605.13246v1 Announce Type: new Abstract: Reference counting bugs in Linux kernel drivers can lead to severe resource mismanagement and security vulnerabilities. We introduce DrvHorn, a novel automated tool to detect these bugs by reducing reference counting verification to an assertion checking problem leveraging the Linux driver interface. Through efficient modeling of the Linux kernel and aggressive program slicing, DrvHorn discovered 545 bugs, of which 424 were previously unknown, across all platform drivers in v6.6 Linux kernel, with a lower false positive rate of 29.9% compared to prior studies. To address the root causes of these newly discovered bugs, we submitted patches to the Linux kernel, and 45 of them were merged.