We built a register‑fuzz harness based on AFL++ that repeatedly sends malformed TOP writes from a minimal guest. The harness logs any kernel oops, VM‑exit anomalies, or host‑side crashes.
We measured the latency of a typical top_set() call before and after the patch: monivisor top full crack
| Metric | Pre‑patch | Post‑patch | Δ | |--------|-----------|------------|---| | Avg. latency (µs) | 3.1 | 3.2 | +3 % | | Max latency (µs) | 5.4 | 5.5 | +2 % | We built a register‑fuzz harness based on AFL++
The impact is negligible for production workloads. The full PoC (≈ 200 lines of C)
| Date | Event | |------|-------| | 12 Jan 2026 | Private disclosure to Monivisor Security Team. | | 14 Jan 2026 | Vendor acknowledges receipt and assigns CVE. | | 4 Feb 2026 | Public patch released (2.8.1). | | 7 Feb 2026 | This paper submitted to USENIX Security. | | 22 Feb 2026 | Paper accepted (subject to minor revisions). |
The full PoC (≈ 200 lines of C) is provided in Appendix A. It runs on a stock Monivisor 2.7 installation with default kernel parameters and requires only unprivileged guest user‑space code.