Trick & Deal with! ? Paying Leets and Sweets for Linux Kernel privescs and k8s escapes
3 mins read

Trick & Deal with! ? Paying Leets and Sweets for Linux Kernel privescs and k8s escapes


We’re continually investing within the safety of the Linux Kernel as a result of a lot of the web, and Google—from the gadgets in our pockets, to the companies operating on Kubernetes within the cloud—rely on the safety of it. We analysis its vulnerabilities and assaults, in addition to examine and develop its defenses.

However we all know that there’s extra work to do. That’s why now we have determined to construct on high of our kCTF VRP from final yr and triple our earlier reward quantities (for at the very least the following 3 months).

Our base rewards for every publicly patched vulnerability is 31,337 USD (at most one exploit per vulnerability), however the reward can go as much as 50,337 USD in two circumstances:

  • If the vulnerability was in any other case unpatched within the Kernel (0day)
  • If the exploit makes use of a brand new assault or method, as decided by Google

We hope the brand new rewards will encourage the safety neighborhood to discover new Kernel exploitation strategies to attain privilege escalation and drive faster fixes for these vulnerabilities. You will need to observe, that the simplest exploitation primitives should not out there in our lab atmosphere because of the hardening finished on Container-Optimized OS. Observe this program enhances Android’s VRP rewards, so exploits that work on Android is also eligible for as much as 250,000 USD (that is along with this program).

The mechanics are:

  1. Hook up with the kCTF VRP cluster, acquire root and browse the flag (learn this writeup for the way it was finished earlier than, and this risk mannequin for inspiration), after which submit your flag and a checksum of your exploit on this type.
  2. (If relevant) report vulnerabilities to upstream.
  • We strongly suggest together with a patch since that might qualify for an further reward from our Patch Reward Program, however please report vulnerabilities upstream promptly when you verify they’re exploitable.
  • Report your discovering to Google VRP as soon as all patches are publicly out there (we do not wish to obtain particulars of unpatched vulnerabilities forward of the general public.)
    • Present the exploit code and the algorithm used to calculate the hash checksum.
    • A tough description of the exploit technique is welcome.

    Experiences can be triaged on a weekly foundation. If anybody has issues with the lab atmosphere (if it is unavailable, technical points or different questions), contact us on Discord in #kctf. You possibly can learn extra particulars about this system right here. Glad looking!

    Leave a Reply

    Your email address will not be published. Required fields are marked *