Google increased amount of remuneration for identification of vulnerabilities in Linux and Kubernets kernel

Google announced About expanding initiative Payment of monetary rewards for identifying security problems in the Linux kernel, platform for orchestration containers KUBERNETES, engine GKE (Google Kubernets Engine) and Surrounding for conducting competitions for searching for vulnerabilities kctf (kubernets Capture The Flag ).

The remuneration program introduced additional payments in the size of 20 thousand dollars for 0-day emotability, for the exploits that do not require the inclusion of support for the namespace of the user interfaces (User Namespaces) and for the demonstration of new methods of operation. Taking into account the bonuses, the maximum amount of remuneration for 1-day exploit is now 71337 dollars (it was $ 31337), and for 0-day – $ 91337 (there was $ 50337).
The payment program will be valid until December 31, 2022.

It is noted that over the past three months, Google has processed 9 applications with information about vulnerabilities, for which 175 thousand dollars were paid. Asked by researchers, five exploits were prepared for 0-Day immaculates (problems for which there are no fix) and two for 1-day vulnerabilities (problems identified on the basis of an analysis of error corrections in the code base, obviously not labeled as vulnerabilities). Three already fixed in the Linux kernel problems ( CVE-2021-4154 in CGroup-V1, CVE-2021-22600 in AF_PACKET and CVE-2022-0185 in VFS) information is disclosed publicly (specified The problems have already been identified through Syzkaller and for two breakdowns in the kernel were added).

/Media reports.