• HOME
  • NEWS
  • EXPLORE
    • CAREER
      • Companies
      • Jobs
    • EVENTS
    • iGEM
      • News
      • Team
    • PHOTOS
    • VIDEO
    • WIKI
  • BLOG
  • COMMUNITY
    • FACEBOOK
    • INSTAGRAM
    • TWITTER
Saturday, October 11, 2025
BIOENGINEER.ORG
No Result
View All Result
  • Login
  • HOME
  • NEWS
  • EXPLORE
    • CAREER
      • Companies
      • Jobs
        • Lecturer
        • PhD Studentship
        • Postdoc
        • Research Assistant
    • EVENTS
    • iGEM
      • News
      • Team
    • PHOTOS
    • VIDEO
    • WIKI
  • BLOG
  • COMMUNITY
    • FACEBOOK
    • INSTAGRAM
    • TWITTER
  • HOME
  • NEWS
  • EXPLORE
    • CAREER
      • Companies
      • Jobs
        • Lecturer
        • PhD Studentship
        • Postdoc
        • Research Assistant
    • EVENTS
    • iGEM
      • News
      • Team
    • PHOTOS
    • VIDEO
    • WIKI
  • BLOG
  • COMMUNITY
    • FACEBOOK
    • INSTAGRAM
    • TWITTER
No Result
View All Result
Bioengineer.org
No Result
View All Result
Home NEWS Science News

Once overlooked, uninitialized-use ‘bugs’ may provide portal for hacker attacks on linux

Bioengineer by Bioengineer
March 2, 2017
in Science News
Reading Time: 2 mins read
0
Share on FacebookShare on TwitterShare on LinkedinShare on RedditShare on Telegram

Popular with programmers the world over for its stability, flexibilityand security, Linux now appears to be vulnerable to hackers.

According to new Georgia Institute of Technology research, uninitialized variables ­- largely overlooked bugs mostly regarded as insignificant memory errors — are actually a critical attack vector that can be reliably exploited by hackers to launch privilege escalation attacks in the Linux kernel.

When successful, these intrusions give attackers increasing levels of access to a network's resources.

"While other kernel bugs and vulnerabilities have been examined and remedied, uninitialized-use bugs are not well studied, and to date, no practical defense mechanisms have been developed to protect against these attacks," said Georgia Tech Ph.D. student Kangjie Lu, lead researcher on the project.

In fact, despite potentially dangerous consequences, uninitialized-use bugs are seldom even classified as security vulnerabilities.

To prove that these bugs do present a security risk, researchers developed a novel approach, known as targeted stack spraying, to attack the operating system (OS) kernel.

Along with a technique that occupies large portions of the memory to control the stack, the automated attack probes the stack to find weaknesses that user-mode programs can exploit to direct kernel code paths and leave attacker-controlled data on the kernel stack. Ultimately, the goal of this attack is to reliably control the value of a specific uninitialized variable in the kernel space of a running program.

The research findings confirm that hackers using this method can automatically prepare a malicious pointer in the uninitialized variable. When the malicious pointer is used, a privilege escalation attack targeting the Linux kernel may occur.

"Our research shows that utilizing the targeted stack-spraying approach allows attackers to reliably control more than 91 percent of the Linux kernel stack, which, in combination with uninitialized-use vulnerabilities, suffices for a privilege escalation attack," said Lu.

Not content to merely identify the vulnerability, Lu and his fellow researchers also developed a potential solution to the problem.

"Our mitigation approach leverages the fact that uninitialized-use attacks usually control an uninitialized pointer to achieve arbitrary read/write/execution," explained Lu. "By zero-initializing pointer-type fields that the compiler cannot prove are properly initialized before they are used, we can prevent an adversary from controlling these pointers."

To limit any unnecessary performance overhead related to zero-initializing pointer-type fields, the team developed an intra-procedural program analysis that checks whether a pointer field is properly initialized when it is used. Only uninitialized pointer fields require zero initialization.

A paper titled Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying is being presented this week at the Network and Distributed System Security Symposium being held in San Diego, Calif.

###

Media Contact

Ben Snedeker
[email protected]
404-844-7128
@GeorgiaTech

http://www.gatech.edu

############

Story Source: Materials provided by Scienmag

Share12Tweet7Share2ShareShareShare1

Related Posts

Unveiling Mental Health Challenges in Autistic Girls

October 11, 2025
Soft Exosuit Enhances Shoulder and Elbow Function Post-Injury

Soft Exosuit Enhances Shoulder and Elbow Function Post-Injury

October 11, 2025

Link Between Nurse Practices and CAUTI Rates

October 11, 2025

Advancements in Flexible Counter Electrodes for Solar Cells

October 11, 2025
Please login to join discussion

POPULAR NEWS

  • Sperm MicroRNAs: Crucial Mediators of Paternal Exercise Capacity Transmission

    1214 shares
    Share 485 Tweet 303
  • New Study Reveals the Science Behind Exercise and Weight Loss

    102 shares
    Share 41 Tweet 26
  • New Study Indicates Children’s Risk of Long COVID Could Double Following a Second Infection – The Lancet Infectious Diseases

    99 shares
    Share 40 Tweet 25
  • Revolutionizing Optimization: Deep Learning for Complex Systems

    88 shares
    Share 35 Tweet 22

About

We bring you the latest biotechnology news from best research centers and universities around the world. Check our website.

Follow us

Recent News

Unveiling Mental Health Challenges in Autistic Girls

Soft Exosuit Enhances Shoulder and Elbow Function Post-Injury

Link Between Nurse Practices and CAUTI Rates

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 63 other subscribers
  • Contact Us

Bioengineer.org © Copyright 2023 All Rights Reserved.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Homepages
    • Home Page 1
    • Home Page 2
  • News
  • National
  • Business
  • Health
  • Lifestyle
  • Science

Bioengineer.org © Copyright 2023 All Rights Reserved.