Google Online Security Blog: Virtual Escape; Real Reward: Introducing Google's kvmCTF

Google is committed to enhancing the security of open-source technologies, especially those that make up the foundation for many of our products, like Linux and KVM. To this end we are excited to announce the launch of kvmCTF, a vulnerability reward program (VRP) for the Kernel-based Virtual Machine (KVM) hypervisor first announced in October 2023.

KVM is a robust hypervisor with over 15 years of open-source development and is widely used throughout the consumer and enterprise landscape, including platforms such as Android and Google Cloud. Google is an active contributor to the project, and we designed kvmCTF as a collaborative way to help identify and remediate vulnerabilities and further harden this fundamental security boundary.

Similar to kernelCTF, kvmCTF is a vulnerability reward program designed to help identify and address vulnerabilities in the Kernel-based Virtual Machine (KVM) hypervisor. It offers a lab environment where participants can log in and use their exploits to obtain flags. Significantly, in kvmCTF the focus is on zero-day vulnerabilities; as a result, we will not be rewarding exploits that use n-day vulnerabilities. Details regarding the zero-day vulnerability will be shared with Google only after an upstream patch is released, to ensure that Google obtains them at the same time as the rest of the open-source community. Additionally, kvmCTF uses the Google Bare Metal Solution (BMS) environment to host its infrastructure. Finally, given how critical a hypervisor is to overall system security, kvmCTF will reward various levels of vulnerabilities, up to and including code execution and VM escape.

How it works

The environment consists of a bare metal host running a single guest VM. Participants will be able to reserve time slots to access the guest VM and attempt to perform a guest-to-host attack. The goal of the attack must be to exploit a zero-day vulnerability in the KVM subsystem of the host kernel. If successful, the attacker will obtain a flag that proves their accomplishment in exploiting the vulnerability. The severity of the attack will determine the reward amount, which will be based on the reward tier system explained below. All reports will be thoroughly evaluated on a case-by-case basis.

The reward tiers are the following:

Full VM escape: $250,000
Arbitrary memory write: $100,000
Arbitrary memory read: $50,000
Relative memory write: $50,000
Denial of service: $20,000
Relative memory read: $10,000

To facilitate the relative memory write/read tiers and, in part, the denial of service tier, kvmCTF offers the option of using a host with KASAN enabled. In that case, triggering a KASAN violation will allow the participant to obtain a flag as proof.

How to participate

To begin, start by reading the rules of the program. There you will find information on how to reserve a time slot, connect to the guest and obtain the flags, the mapping of the various KASAN violations to the reward tiers, and instructions on how to report a vulnerability, send us your submission, or contact us on Discord.