CyberSecurityBoard
Sponsor Register Login

Google Offering $250,000 for Full VM Escape in New KVM Bug Bounty Program

Google has announced a new bug bounty program with significant rewards for vulnerabilities found in the Kernel-based Virtual Machine hypervisor.
The goal of the new program, named kvmCTF, is to help find and address vulnerabilities in the KVM hypervisor.
The bug bounty program works like a CTF event, with participants being able to reserve time slots to access a guest VM hosted in a lab environment, and attempt to conduct a guest-to-host attack.
Google is hoping the project will help in identifying virtual machine escapes, arbitrary code execution flaws, information disclosure issues, and denial-of-service bugs.
The highest reward, $250,000, can be earned for a full VM escape.
Participants can earn $100,000 for an arbitrary memory write exploit, and $50,000 for an arbitrary memory read or a relative memory write exploit.
DoS attacks can earn up to $20,000 and relative memory read flaws up to $10,000.
KVM is widely used in both consumer and enterprise solutions, including by the Android and Google Cloud platforms, which is why the internet giant wants to enhance the hypervisor's security.
Interested hackers can read the complete rules for kvmCTF on GitHub.


This Cyber News was published on www.securityweek.com. Publication date: Mon, 01 Jul 2024 14:43:06 +0000


Cyber News related to Google Offering $250,000 for Full VM Escape in New KVM Bug Bounty Program

CVE-2021-47094 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago
Microsoft launches Defender Bounty Program with $20,000 rewards - Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000. While higher awards are possible, Microsoft retains sole discretion to determine the final reward amount based ...
7 months ago Bleepingcomputer.com
The 20 Most Essential Crypto Bug Bounty Programs - Working with cryptocurrency has become more and more popular in the last few years, but it’s not without risks. It’s important for sites that conduct digital payments and transfers to have security measures in place to help keep your data safe ...
1 year ago Hackread.com
CVE-2021-47092 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago
CVE-2021-47341 - In the Linux kernel, the following vulnerability has been resolved: KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio BUG: KASAN: use-after-free in kvm_vm_ioctl_unregister_coalesced_mmio+0x7c/0x1ec ...
1 month ago Tenable.com
CVE-2022-48763 - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Forcibly leave nested virt when SMM state is toggled Forcibly leave nested virtualization operation if userspace toggles SMM state via KVM_SET_VCPU_EVENTS or ...
2 weeks ago Tenable.com
Google Offering $250,000 for Full VM Escape in New KVM Bug Bounty Program - Google has announced a new bug bounty program with significant rewards for vulnerabilities found in the Kernel-based Virtual Machine hypervisor. The goal of the new program, named kvmCTF, is to help find and address vulnerabilities in the KVM ...
5 days ago Packetstormsecurity.com
Google Offering $250,000 for Full VM Escape in New KVM Bug Bounty Program - Google has announced a new bug bounty program with significant rewards for vulnerabilities found in the Kernel-based Virtual Machine hypervisor. The goal of the new program, named kvmCTF, is to help find and address vulnerabilities in the KVM ...
5 days ago Securityweek.com
Google paid $10 million in bug bounty rewards last year - Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid ...
3 months ago Bleepingcomputer.com
CVE-2024-26976 - In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async #PF workqueue when vCPU is being destroyed Always flush the per-vCPU async #PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all ...
2 months ago Tenable.com
CVE-2021-47230 - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Immediately reset the MMU context when the SMM flag is cleared Immediately reset the MMU context when the vCPU's SMM flag is cleared so that the SMM flag in the MMU role is ...
1 month ago Tenable.com
Netflix Paid Out Over $1 Million via Bug Bounty Program - Netflix has paid out more than $1 million for vulnerabilities found in its systems and products since the launch of its bug bounty program in 2016. The streaming giant said on Tuesday that more than 5,600 researchers have contributed to its program ...
1 month ago Packetstormsecurity.com
Record Breaking $153,000+ Already Invested into the Security of the WordPress Ecosystem by Wordfence - In just a few short months since our launch in November of last year, the Wordfence Bug Bounty Program has already awarded over $153,000 in bounties to WordPress security researchers who have been responsibly reporting security issues in WordPress ...
3 months ago Wordfence.com
Pentagon Received Over 50,000 Vulnerability Reports Since 2016 - The US Department of Defense on Friday announced that it has processed 50,000 reports received as part of its continuous vulnerability disclosure program launched in November 2016. A first in the history of the federal government, the program was ...
3 months ago Securityweek.com
Pentagon Received Over 50,000 Vulnerability Reports Since 2016 - The US Department of Defense on Friday announced that it has processed 50,000 reports received as part of its continuous vulnerability disclosure program launched in November 2016. A first in the history of the federal government, the program was ...
3 months ago Packetstormsecurity.com
Google now pays $250,000 for KVM zero-day vulnerabilities - Google has launched kvmCTF, a new vulnerability reward program first announced in October 2023 to improve the security of the Kernel-based Virtual Machine hypervisor that comes with $250,000 bounties for full VM escape exploits. KVM, an open-source ...
4 days ago Bleepingcomputer.com
CVE-2023-52803 - In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix RPC client cleaned up the freed pipefs dentries RPC client pipefs dentries cleanup is in separated rpc_remove_pipedir() workqueue,which takes care about pipefs superblock ...
1 month ago Tenable.com
Revolutionizing WordPress Bug Bounty and Security: Latest Enhancements to the Wordfence Bug Bounty Program - Our team has triaged around 2,140 vulnerability submissions, with about 1,320 deemed in-scope. Together with our researchers and software vendors, we've protected millions of websites from vulnerabilities - and this is just the beginning. We're ...
1 month ago Wordfence.com
HackerOne paid ethical hackers over $300 million in bug bounties - HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception. Thirty hackers have earned over a million USD for their submissions, and ...
7 months ago Bleepingcomputer.com
CVE-2024-39483 - In the Linux kernel, the following vulnerability has been resolved: ...
1 day ago
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
2 months ago Techrepublic.com
Poking holes in Google products bagged bug hunters $10M The Register - Google awarded $10 million to 632 bug hunters last year through its vulnerability reward programs. The web goliath's 2023 total represents a slight dip compared to the $12 million in bounties it paid the previous year. Hopefully this means ...
3 months ago Go.theregister.com
$937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin - On February 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for a Privilege Escalation vulnerability in MasterStudy LMS, a WordPress plugin with more than 10,000 active installations. The next day on February 26th, ...
2 months ago Wordfence.com
CVE-2021-47390 - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in ...
1 month ago Tenable.com
Google Chrome 120 Released with Patch for 10 Critical Security Flaws - Google has recently released Chrome 120 for Windows, Mac, and Linux. This version of Chrome comes with 10 security patches to ensure a safer browsing experience for its users. The most recent versions of Chrome available to users are 120.0.6099.62 ...
6 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)