
Google unveils new KVM bug bounty program


Google has moved to strengthen Kernel-based Virtual Machine hypervisor security with the introduction of the new kvmCTF vulnerability reward program, reports BleepingComputer.

Under the program, security researchers who identify full VM escape exploits would receive up to $250,000, while those who find arbitrary memory write flaws would be offered $100,000, according to Google. The company will also provide bounties of $50,000 for the discovery of arbitrary memory read and relative memory write zero-days, as well as rewards of $20,000 for denial-of-service bugs and $10,000 for relative memory read bugs. Guest-to-host intrusions could be attempted on the kvmCTF infrastructure upon reservation.

"The goal of the attack must be to exploit a zero-day vulnerability in the KVM subsystem of the host kernel. If successful, the attacker will obtain a flag that proves their accomplishment in exploiting the vulnerability," noted Google software engineer Marios Pomonis.

Information regarding the identified zero-days would only be provided upon the issuance of patches, said Google.
