One Article Review
| Source |  GoogleSec |
|---|---|
| Identifiant | 8527970 |
| Date de publication | 2024-06-27 13:14:02 (vue: 2024-06-29 17:06:18) |
| Titre | Évasion virtuelle;Récompense réelle: présentant KVMCTF de Google \\ Virtual Escape; Real Reward: Introducing Google\\'s kvmCTF |
| Texte | Marios Pomonis, Software EngineerGoogle is committed to enhancing the security of open-source technologies, especially those that make up the foundation for many of our products, like Linux and KVM. To this end we are excited to announce the launch of kvmCTF, a vulnerability reward program (VRP) for the Kernel-based Virtual Machine (KVM) hypervisor first announced in October 2023.KVM is a robust hypervisor with over 15 years of open-source development and is widely used throughout the consumer and enterprise landscape, including platforms such as Android and Google Cloud. Google is an active contributor to the project and we designed kvmCTF as a collaborative way to help identify & remediate vulnerabilities and further harden this fundamental security boundary. Similar to kernelCTF, kvmCTF is a vulnerability reward program designed to help identify and address vulnerabilities in the Kernel-based Virtual Machine (KVM) hypervisor. It offers a lab environment where participants can log in and utilize their exploits to obtain flags. Significantly, in kvmCTF the focus is on zero day vulnerabilities and as a result, we will not be rewarding exploits that use n-days vulnerabilities. Details regarding the zero day vulnerability will be shared with Google after an upstream patch is released to ensure that Google obtains them at the same time as the rest of the open-source community. Additionally, kvmCTF uses the Google Bare Metal Solution (BMS) environment to host its infrastructure. Finally, given how critical a hypervisor is to overall system security, kvmCTF will reward various levels of vulnerabilities up to and including code execution and VM escape. |
| Notes | ★★ |
| Envoyé | Oui |
| Condensat | $10 $100 $20 $250 $50 similar 000arbitrary 000denial 000relative 000to 2023 able access accomplishment active additionally address after all allow amount android announce announced are attack attacker attempt bare based basis begin below bms boundary can case cloud code collaborative committed community connect consists consumer contact contributor critical day days denial designed details determine development discord enabled end engineergoogle enhancing ensure enterprise environment escape escape: escape; especially evaluated excited execution explained exploit exploiting exploits facilitate finally find first flag flags focus following:full foundation fundamental further given goal google guest harden help host how hypervisor identify including information infrastructure instructions introducing its kasan kernel kernelctf kvm kvmctf lab landscape launch levels like linux log machine make many mapping marios memory metal must not obtain obtains october offers open option over overall participant participants participateto partly patch perform platforms pomonis products program project proof proves read: reading real regarding relative released remediate report reports reserve rest result reward reward: rewarding rewards robust rules running same security send service service: severity shared significantly single slot slots software solution source start submission subsystem successful such system technologies the them thoroughly those throughout tier tiers time triggering upstream use used uses using utilize various violation violations virtual vrp vulnerabilities vulnerability way where which widely will worksthe write/read write: years your zero |
| Tags | Vulnerability Threat Mobile Cloud |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.