The Linux kernel is a key part for the safety of the Web. Google makes use of Linux in nearly all the pieces, from the computer systems our workers use, to the merchandise individuals world wide use each day like Chromebooks, Android on telephones, vehicles, and TVs, and workloads on Google Cloud. Due to this, we’ve closely invested in Linux’s safety – and as we speak, we’re saying how we’re constructing on these investments and rising our rewards.
In 2020, we launched an open-source Kubernetes-based Seize-the-Flag (CTF) challenge referred to as, kCTF. The kCTF Vulnerability Rewards Program (VRP) lets researchers connect with our Google Kubernetes Engine (GKE) cases, and if they will hack it, they get a flag, and are probably rewarded. All of GKE and its dependencies are in scope, however each flag caught to this point has been a container breakout by a Linux kernel vulnerability. We’ve realized that discovering and exploiting heap reminiscence corruption vulnerabilities within the Linux kernel could possibly be made lots tougher. Sadly, safety mitigations are sometimes exhausting to quantify, nonetheless, we expect we’ve discovered a manner to take action concretely going ahead.
After we launched kCTF, we hoped to construct a neighborhood of Linux kernel exploitation hackers. This labored properly and allowed the neighborhood to study from a number of members of the safety neighborhood like Markak, starlabs, Crusaders of Rust, d3v17, [email protected], valis, kylebot, pqlqpql and Awarau.
Now, we’re making updates to the kCTF program. First, we’re indefinitely extending the elevated reward quantities we introduced earlier this yr, that means we’ll proceed to pay $20,000 – $91,337 USD for vulnerabilities on our lab kCTF deployment to reward the essential work being carried out to grasp and enhance kernel safety. That is along with our present patch rewards for proactive safety enhancements.
Second, we’re launching new cases with extra rewards to judge the most recent Linux kernel secure picture in addition to new experimental mitigations in a customized kernel we have constructed. Slightly than merely studying concerning the present state of the secure kernels, the brand new cases can be used to ask the neighborhood to assist us consider the worth of each our newest and extra experimental safety mitigations.
At present, we’re beginning with a set of mitigations we consider will make a lot of the vulnerabilities (9/10 vulns and 10/13 exploits) we acquired this previous yr tougher to take advantage of. For brand spanking new exploits of vulnerabilities submitted which additionally compromise the most recent Linux kernel, we can pay an extra $21,000 USD. For these which compromise our customized Linux kernel with our experimental mitigations, the reward can be one other $21,000 USD (if they’re clearly bypassing the mitigations we’re testing). This brings the whole rewards as much as a most of $133,337 USD. We hope it will enable us to study extra about how exhausting (or straightforward) it’s to bypass our experimental mitigations.
The mitigations we have constructed try and sort out the next exploit primitives:
With the kCTF VRP program, we’re constructing a pipeline to investigate, experiment, measure and construct safety mitigations to make the Linux kernel as protected as we will with the assistance of the safety neighborhood. We hope that, over time, we can make safety mitigations that make exploitation of Linux kernel vulnerabilities as exhausting as potential.