Trick & Treat! Paying Leets and Sweets for Linux Kernel privescs and k8s escapes



We are constantly investing in the security of the Linux Kernel because much of the internet, and Google—from the devices in our pockets, to the services running on Kubernetes in the cloud—depend on the security of it. We research its vulnerabilities and attacks, as well as study and develop its defenses.

But we know that there is more work to do. That’s why we have decided to build on top of our kCTF VRP from last year and triple our previous reward amounts (for at least the next 3 months).

Our base reward for each publicly patched vulnerability is 31,337 USD (at most one exploit per vulnerability), but the reward can go up to 50,337 USD in two cases:

  • If the vulnerability was otherwise unpatched in the Kernel (0day)
  • If the exploit uses a new attack or technique, as determined by Google

We hope the new rewards will encourage the security community to explore new Kernel exploitation techniques to achieve privilege escalation and drive quicker fixes for these vulnerabilities. It is important to note that the easiest exploitation primitives are not available in our lab environment due to the hardening done on Container-Optimized OS. Note that this program complements Android’s VRP rewards, so exploits that work on Android could also be eligible for up to 250,000 USD (that is in addition to this program).

The mechanics are:

  1. Connect to the kCTF VRP cluster, obtain root and read the flag (read this writeup for how it was done before, and this threat model for inspiration), and then submit your flag and a checksum of your exploit in this form.
  2. (If applicable) report vulnerabilities to upstream.
    • We strongly recommend including a patch since that could qualify for an additional reward from our Patch Reward Program, but please report vulnerabilities upstream promptly once you confirm they are exploitable.
  3. Report your finding to Google VRP once all patches are publicly available (we don’t want to receive details of unpatched vulnerabilities ahead of the public).
    • Provide the exploit code and the algorithm used to calculate the hash checksum.
    • A rough description of the exploit strategy is welcome.

Reports will be triaged on a weekly basis. If anyone has problems with the lab environment (if it’s unavailable, technical issues or other questions), contact us on Discord in #kctf. You can read more details about the program here. Happy hunting!