Tuesday, May 6, 2025
Google to offer $250,000 for Full VM Escape Zero-day Vulnerability

Google has unveiled kvmCTF, a new vulnerability reward program (VRP) explicitly targeting the Kernel-based Virtual Machine (KVM) hypervisor.

This initiative, first announced in October 2023, underscores Google’s commitment to enhancing the security of foundational technologies like Linux and KVM, which are integral to many of its products, including Android and Google Cloud.

KVM, a robust hypervisor with over 15 years of open-source development, is widely used across consumer and enterprise landscapes.

Google, an active contributor to the KVM project, has designed kvmCTF as a collaborative platform for identifying and remediating vulnerabilities, thereby hardening this critical security boundary.

The program is similar to kernelCTF but focuses on zero-day vulnerabilities, that is, previously unknown security flaws.

Participants in kvmCTF will have access to a lab environment where they can log in and use their exploits to obtain flags.

The program will not reward exploits that use n-day vulnerabilities, ensuring the focus remains on discovering new, unpatched vulnerabilities.

Details regarding any discovered zero-day vulnerabilities will be shared with Google only after an upstream patch is released, ensuring that Google receives the information simultaneously with the rest of the open-source community.

Reward Tiers and Participation

The kvmCTF program offers substantial rewards, tiered by the class of vulnerability demonstrated:

  • Full VM escape: $250,000
  • Arbitrary memory write: $100,000
  • Arbitrary memory read: $50,000
  • Relative memory write: $50,000
  • Denial of service: $20,000
  • Relative memory read: $10,000

To facilitate the discovery of these vulnerabilities, kvmCTF provides the option of using a host with Kernel Address Sanitizer (KASAN) enabled, which helps identify memory errors.

Participants will engage in a controlled environment with a bare metal host running a single guest VM.

They can reserve time slots to access the guest VM and attempt guest-to-host attacks, aiming to exploit zero-day vulnerabilities in the KVM subsystem of the host kernel.

Successful attackers will obtain a flag as proof of their accomplishment, and the severity of the attack will determine the reward amount.

How to Get Involved

To participate in kvmCTF, interested individuals must read the program’s rules, which provide detailed information on reserving a time slot, connecting to the guest VM, and obtaining flags.

The rules also explain how the various KASAN violations map to the reward tiers and give instructions for reporting a vulnerability.

Google’s kvmCTF initiative represents a significant step forward in the collaborative effort to secure open-source technologies.

By offering substantial rewards for discovering zero-day vulnerabilities, Google aims to engage the global security community in its mission to enhance the security and reliability of the KVM hypervisor, ultimately benefiting users worldwide.

Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
