

WASHINGTON (dpa-AFX) - Alphabet Inc.'s (GOOG) Google has announced a new bug bounty program, named kvmCTF, to help find vulnerabilities in the Kernel-based Virtual Machine or KVM hypervisor.



The program offers a reward of upto $250,000 for successfully achieving a full virtual machine escape exploit, which refers to a vulnerability in hypervisor that allows malicious code to break free and execute on the underlying host system.



During the program, the participants could reserve time slots to access a guest VM hosted in a lab environment to conduct a guest-to-host attack.



'The goal of the attack must be to exploit a zero day vulnerability in the KVM subsystem of the host kernel. If successful, the attacker will obtain a flag that proves their accomplishment in exploiting the vulnerability,' Google explained in a blog post.



The company hopes that the project would help in identifying virtual machine escapes, arbitrary code execution flaws, information disclosure issues, and denial-of-service or DoS bugs, according to Securityweek.



