Characteristics, Root Causes, and Detection of Incomplete Security Bug Fixes in the Linux Kernel
Qiang Liu, Wenlong Zhang, Muhui Jiang, Lei Wu, Yajin Zhou

TL;DR
This study is the first to examine incomplete security bug fixes in the Linux kernel: it builds a dataset of such fixes, characterizes them, identifies their root causes, and proposes ways to detect them, so that the residual risk left behind by a supposedly fixed bug can be reduced.
Contribution
First comprehensive analysis of incomplete security bug fixes in the Linux kernel, including dataset construction, characterization, root cause identification, and detection strategies.
Findings
An incomplete fix leaves the kernel exposed in one of three ways: it repairs only some of the original security defects, repairs them improperly, or introduces new defects.
The root causes are human mistakes made during the fixing process.
The paper proposes detection approaches for incomplete fixes so that the security risk they leave behind can be reduced.
Abstract
Security bugs in the Linux kernel emerge endlessly and have attracted much attention. However, fixing security bugs in the Linux kernel can be incomplete due to human mistakes. Specifically, an incomplete fix fails to repair all the original security defects in the software, fails to properly repair the original security defects, or introduces new ones. In this paper, we study incomplete fixes of security bugs in the Linux kernel for the first time, and reveal their characteristics, root causes, and detection. We first construct a dataset of incomplete security bug fixes in the Linux kernel and answer the following three questions. What are the characteristics of incomplete security bug fixes in the Linux kernel? What are the root causes behind them? How should they be detected to reduce security risks? We then present three main insights. (*Due to the…
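To make the abstract's three kinds of incompleteness concrete, the following is an added example that is not code from the paper or from the kernel: a constructed C handler with two paths into one bounded copy, a partial fix that guards only one path, an off-by-one fix, a fix whose new error path drops a reference twice, and a complete fix. Every name here (`sink`, `struct req`, `release`, the `handler_*` functions, `worst_case`) and the request set are assumptions made for the illustration; the sink reports an out-of-bounds write instead of performing it, so the program is safe to compile and run.

```c
/* Constructed example, not code from the paper: a toy handler with two
 * paths into one bounded copy and four candidate fixes for its missing
 * length check. The sink reports an out-of-bounds write instead of
 * performing it, so this runs safely; all names here are invented. */
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 16

enum outcome {
    OK = 0,
    REJECTED,    /* request refused by a length check */
    OVERFLOW,    /* original defect reached: write past buf[BUF_SIZE-1] */
    NEW_DEFECT,  /* defect that did not exist before the fix */
};

struct req {
    size_t len;  /* untrusted length */
    int flags;   /* bit 0 selects path A, otherwise path B */
};

/* Hypothetical sink: the copy whose caller must bound len. */
static enum outcome sink(char *dst, size_t len)
{
    if (len > BUF_SIZE)
        return OVERFLOW;  /* a real copy would corrupt memory here */
    memset(dst, 'A', len);
    return OK;
}

/* Stand-in for dropping a reference; returns -1 if already dropped. */
static int release(int *held) { int was = *held; *held = 0; return was ? 0 : -1; }

/* Original code: neither path bounds len. */
static enum outcome handler_original(const struct req *q)
{
    char buf[BUF_SIZE];
    if (q->flags & 1)
        return sink(buf, q->len);  /* path A */
    return sink(buf, q->len);      /* path B */
}

/* Incomplete fix 1, not all defects repaired: only path A is guarded. */
static enum outcome handler_fix_partial(const struct req *q)
{
    char buf[BUF_SIZE];
    if (q->flags & 1) {
        if (q->len > BUF_SIZE)
            return REJECTED;
        return sink(buf, q->len);
    }
    return sink(buf, q->len);      /* path B still unguarded */
}

/* Incomplete fix 2, defect not properly repaired: off-by-one bound. */
static enum outcome handler_fix_offbyone(const struct req *q)
{
    char buf[BUF_SIZE];
    if (q->len > BUF_SIZE + 1)     /* should be > BUF_SIZE */
        return REJECTED;
    return sink(buf, q->len);
}

/* Incomplete fix 3, new defect introduced: the added error path drops a
 * reference that the common exit path drops again. */
static enum outcome handler_fix_regressed(const struct req *q)
{
    char buf[BUF_SIZE];
    int held = 1;
    enum outcome o = REJECTED;
    if (q->len > BUF_SIZE)
        release(&held);            /* cleanup added by the fix */
    else
        o = sink(buf, q->len);
    if (release(&held) < 0)        /* common exit drops it again */
        o = NEW_DEFECT;
    return o;
}

/* Complete fix: every path reaches the sink through one correct check. */
static enum outcome handler_fix_complete(const struct req *q)
{
    char buf[BUF_SIZE];
    if (q->len > BUF_SIZE)
        return REJECTED;
    return sink(buf, q->len);
}

/* Worst outcome of a handler over a constructed request set covering
 * both paths and lengths at, just past, and far past the buffer size. */
static enum outcome worst_case(enum outcome (*h)(const struct req *))
{
    const struct req reqs[] = {
        { 8, 1 }, { 8, 0 }, { 16, 1 }, { 16, 0 },
        { 17, 1 }, { 17, 0 }, { 4096, 1 }, { 4096, 0 },
    };
    enum outcome worst = OK;
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        enum outcome o = h(&reqs[i]);
        if (o > worst)
            worst = o;
    }
    return worst;
}
```

`worst_case` ranks the outcomes, so it returns OVERFLOW for the original code and for the first two fixes, NEW_DEFECT for the third, and at most REJECTED for the complete fix. The first case is only caught by exercising every path that reaches the sink rather than the one path named in the bug report, the second by testing the boundary length itself, and the third by testing the error path the patch added, which is exactly the code a reviewer focused on the original bug tends not to run.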
Taxonomy
Topics: Software System Performance and Reliability · Security and Verification in Computing · Software Reliability and Analysis Research
