Google increases the size of rewards for identifying vulnerabilities in the Linux kernel and Kubernetes

Google has announced an expansion of its program for paying monetary rewards for identifying security problems in the Linux kernel, the Kubernetes container orchestration platform, the GKE (Google Kubernetes Engine) engine and the kCTF (Kubernetes Capture the Flag) vulnerability competition environment.

The reward program includes an additional bonus of $20 for 0-day vulnerabilities, for exploits that do not require support for user namespaces, and for demonstrating new exploitation techniques. The base payout for demonstrating a working exploit in kCTF is $31337 (the base payout goes to the participant who is first to demonstrate a working exploit, but bonus payouts can be applied to subsequent exploits for the same vulnerability).

In total, taking the bonuses into account, the maximum reward for a 1-day exploit (problems identified by analyzing bug fixes in the codebase that were not explicitly marked as vulnerabilities) can reach $71337 (it was $31337), and for a 0-day exploit (the problem has not yet been fixed) it can reach $91337 (it was $50337). The payout program will be valid until December 31, 2022.

It is noted that over the past three months Google has processed 9 submissions with information about vulnerabilities, for which 175 dollars were paid. The participating researchers prepared five exploits for 0-day vulnerabilities and two for 1-day vulnerabilities. Three issues that have already been fixed in the Linux kernel (CVE-1-2021 in cgroup-v4154, CVE-1-2021 in af_packet and CVE-22600-2022 in VFS) have been publicly disclosed (these problems had already been identified through Syzkaller, and fixes for two of the crashes had been added to the kernel).

Source: opennet.ru
