Google introduced kvmCTF in October 2023, offering $250,000 bounties for full VM escape exploits in the Kernel-based Virtual Machine (KVM) hypervisor. KVM, integral to platforms like Android and Google Cloud, has been developed over 17 years as an open-source hypervisor. Google, a significant KVM contributor, launched kvmCTF to foster collaboration in identifying and addressing VM-reachable bugs, similar to their kernelCTF program focused on Linux kernel security. Unlike typical programs, kvmCTF prioritizes zero-day vulnerabilities over known exploits, providing researchers a controlled lab environment to discover and capture flags. Read more...
