Google Launches $250,000 Bug Bounty Program For KVM Exploits

(RTTNews) - Alphabet Inc.'s (GOOG) Google has announced a new bug bounty program, named kvmCTF, to help find vulnerabilities in the Kernel-based Virtual Machine or KVM hypervisor.

The program offers a reward of upto $250,000 for successfully achieving a full virtual machine escape exploit, which refers to a vulnerability in hypervisor that allows malicious code to break free and execute on the underlying host system.

During the program, the participants could reserve time slots to access a guest VM hosted in a lab environment to conduct a guest-to-host attack.

"The goal of the attack must be to exploit a zero day vulnerability in the KVM subsystem of the host kernel. If successful, the attacker will obtain a flag that proves their accomplishment in exploiting the vulnerability," Google explained in a blog post.

The company hopes that the project would help in identifying virtual machine escapes, arbitrary code execution flaws, information disclosure issues, and denial-of-service or DoS bugs, according to Securityweek.