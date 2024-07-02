Alphabet Inc.’s (GOOG) Google has unveiled a new bug bounty initiative titled kvmCTF, aimed at identifying vulnerabilities within the Kernel-based Virtual Machine (KVM) hypervisor.This program offers rewards of up to $250,000 for successfully demonstrating a full virtual machine escape exploit. Such an exploit pertains to a vulnerability that allows malicious code to break free from the hypervisor and execute on the host system.Participants in the program can book time slots to access a guest VM hosted in a controlled lab environment, where they can attempt guest-to-host attacks.”The objective of the attack must be to exploit a zero-day vulnerability in the KVM subsystem of the host kernel. If successful, the attacker will obtain a flag that proves their accomplishment in exploiting the vulnerability,” Google detailed in a blog post.According to SecurityWeek, Google anticipates this initiative will assist in uncovering virtual machine escapes, arbitrary code execution flaws, information disclosure issues, and denial-of-service (DoS) bugs.The material has been provided by InstaForex Company – www.instaforex.com