DyMA-Fuzz: Dynamic Direct Memory Access Abstraction for Re-hosted Monolithic Firmware Fuzzing

📅 2026-02-09
📈 Citations: 1
Influential: 0
🤖 AI Summary
Existing firmware fuzzing approaches struggle to effectively cover Direct Memory Access (DMA) interfaces in rehosted environments, often missing critical vulnerabilities. This work proposes an automated method that requires neither device datasheets nor manual configuration, leveraging runtime dynamic analysis to infer DMA memory access patterns. It further extends stream-based fuzzing input injection—previously unexplored for DMA—to address challenges such as vendor-specific descriptors, heterogeneous architectures, and variable descriptor locations. Evaluation on 94 firmware samples and eight DMA-related CVEs demonstrates that the approach significantly improves test coverage—by up to 122%—and uncovers previously missed vulnerabilities and execution paths that existing tools fail to detect.

📝 Abstract
The rise of smart devices in critical domains--including automotive, medical, and industrial--demands robust firmware testing. Fuzzing firmware in re-hosted environments is a promising method for automated testing at scale, but remains difficult due to the tight coupling of code with a microcontroller's peripherals. Existing fuzzing frameworks primarily address the challenge of providing inputs for Memory-Mapped I/O or interrupts, but largely overlook Direct Memory Access (DMA), a key high-throughput interface that bypasses the CPU. We introduce DyMA-Fuzz to extend recent advances in stream-based fuzz input injection to DMA-driven interfaces in re-hosted environments. It tackles key challenges--vendor-specific descriptors, heterogeneous DMA designs, and varying descriptor locations--using runtime analysis techniques to infer DMA memory access patterns and automatically inject fuzzing data into target buffers, without manual configuration or datasheets. Evaluated on 94 firmware samples and 8 DMA-guarded CVE benchmarks, DyMA-Fuzz reveals vulnerabilities and execution paths missed by state-of-the-art tools and achieves up to 122% higher code coverage. These results highlight DyMA-Fuzz as a practical and effective advancement in automated firmware testing and a scalable solution for fuzzing complex embedded systems.
Problem (research questions and friction points this paper addresses): firmware fuzzing, Direct Memory Access, re-hosted environment, embedded systems, memory access patterns

Innovation (methods, ideas, or system contributions that make the work stand out): DMA fuzzing, firmware re-hosting, runtime analysis, automated input injection, embedded security
Authors:
Guy Farrelly (Adelaide University)
Michael Chesser (Adelaide University)
Seyit Camtepe (CSIRO Data61)
Damith C. Ranasinghe (The University of Adelaide, University of Cambridge)

Topics: Autonomous Systems, Machine Learning, Computer Security, Cyber Security