Google has increased the rewards for finding vulnerabilities in the Linux kernel and Kubernetes

Google has announced an expansion of its program that pays cash rewards for reporting security issues in the Linux kernel, the Kubernetes container orchestration platform, the GKE (Google Kubernetes Engine) engine and the kCTF (Kubernetes Capture the Flag) vulnerability competition environment.

The bounty program adds a further $20 bonus for 0-day vulnerabilities, for exploits that do not require user namespace support, and for demonstrating new exploitation techniques. The base payout for demonstrating a working exploit in kCTF is $31337 (the base payout goes to the participant who is first to demonstrate a working exploit, but the bonus payments can also apply to subsequent exploits for the same vulnerability).

In total, taking the bonuses into account, the maximum reward for a 1-day exploit (problems identified by analysing bug fixes in the codebase that are not explicitly marked as vulnerabilities) can reach $71337 (previously $31337), and for a 0-day exploit (problems for which no fix exists yet) $91337 (previously $50337). The payout program will run until December 31, 2022.

It is noted that over the past three months Google has processed 9 submissions containing vulnerability information, for which 175 thousand dollars were paid out. The participating researchers prepared five exploits for 0-day vulnerabilities and two for 1-day vulnerabilities. Three issues that have already been fixed in the Linux kernel (CVE-2021-4154 in cgroup-v1, CVE-2021-22600 in af_packet and CVE-2022-0185 in VFS) have been publicly disclosed (these issues had already been identified through Syzkaller, and fixes for two of the breakages had been added to the kernel).

Source: opennet.ru
