WASHINGTON (dpa-AFX) - Alphabet Inc.'s (GOOG) Google has announced a new bug bounty program, named kvmCTF, to help find vulnerabilities in the Kernel-based Virtual Machine or KVM hypervisor.
The program offers a reward of upto $250,000 for successfully achieving a full virtual machine escape exploit, which refers to a vulnerability in hypervisor that allows malicious code to break free and execute on the underlying host system.
During the program, the participants could reserve time slots to access a guest VM hosted in a lab environment to conduct a guest-to-host attack.
'The goal of the attack must be to exploit a zero day vulnerability in the KVM subsystem of the host kernel. If successful, the attacker will obtain a flag that proves their accomplishment in exploiting the vulnerability,' Google explained in a blog post.
The company hopes that the project would help in identifying virtual machine escapes, arbitrary code execution flaws, information disclosure issues, and denial-of-service or DoS bugs, according to Securityweek.
Copyright(c) 2024 RTTNews.com. All Rights Reserved
Copyright RTT News/dpa-AFX
© 2024 AFX News