Google Offering $250,000 for Full VM Escape in New KVM Bug Bounty Program

Google has announced a new bug bounty program with significant rewards for vulnerabilities found in the Kernel-based Virtual Machine (KVM) hypervisor.
The goal of the new program, named kvmCTF, is to help find and address vulnerabilities in the KVM hypervisor.
The bug bounty program works like a CTF event: participants can reserve time slots to access a guest VM hosted in a lab environment and attempt to conduct a guest-to-host attack.
Google is hoping the project will help in identifying virtual machine escapes, arbitrary code execution flaws, information disclosure issues, and denial-of-service bugs.
The highest reward, $250,000, can be earned for a full VM escape.
Participants can earn $100,000 for an arbitrary memory write exploit, and $50,000 for an arbitrary memory read or a relative memory write exploit.
DoS attacks can earn up to $20,000 and relative memory read flaws up to $10,000.
KVM is widely used in both consumer and enterprise solutions, including by the Android and Google Cloud platforms, which is why the internet giant wants to enhance the hypervisor's security.
Interested hackers can read the complete rules for kvmCTF on GitHub.


This Cyber News was published on www.securityweek.com. Publication date: Mon, 01 Jul 2024 14:43:06 +0000

