Google Offers $250K Bounty for KVM Hypervisor Exploits
KVM is a widely used open-source hypervisor. Google does not lead the project, but it uses KVM extensively in both Android and Google Cloud, which makes it a significant contributor to the KVM project.
Google has now established a new reward structure for the kvmCTF bug bounty program. Researchers who successfully escape from a guest to a host environment can earn up to $250,000 for a single vulnerability.
The primary objective of kvmCTF is to uncover VM-accessible vulnerabilities within the KVM hypervisor. Google’s focus is exclusively on zero-day vulnerabilities, so exploits that rely on existing vulnerability chains will not be rewarded.
Researchers wishing to participate in the program must register for kvmCTF and then use Google’s pre-deployed hosted environment for testing. Google allocates time for researchers to attempt to escape from the virtual machine to the host machine, targeting zero-day vulnerabilities in the KVM subsystem of the host kernel.
The reward tiers are as follows:
- Full VM escape: $250,000
- Arbitrary memory write: $100,000
- Arbitrary memory read: $50,000
- Relative memory write: $50,000
- Denial of service: $20,000
- Relative memory read: $10,000
If a researcher successfully executes an attack, they receive a token to verify the successful exploitation of the vulnerability. Google then evaluates the severity of the vulnerability and, following a thorough assessment, determines the amount of the reward to be issued to the researcher.