Google Launches kvmCTF Vulnerability Rewards Program

  • Google has launched its kvmCTF vulnerability reward program, which offers rewards of up to $250,000 for full VM escape exploits.
  • The reward program intends to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor, a crucial component in consumer and enterprise settings.

Google has launched a new vulnerability reward program (VRP), kvmCTF, which was first announced in October 2023. The program offers $250,000 bounties for full VM escape exploits and intends to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor.

KVM is an open-source hypervisor and a crucial component in enterprise and consumer settings, powering Google Cloud and Android platforms. Google is a key and active contributor to KVM and has developed kvmCTF as a collaborative platform to detect and fix vulnerabilities.

kvmCTF is similar to the kernelCTF VRP; while the latter targets Linux kernel security flaws, the former focuses on VM-reachable bugs in the KVM hypervisor.

kvmCTF is aimed at successful guest-to-host attacks; QEMU or host-to-KVM vulnerabilities won’t be rewarded. Security researchers enrolling in the program are given a controlled…
