Google increases the size of rewards for identifying vulnerabilities in the Linux kernel and Kubernetes

Google has announced the expansion of its program that pays cash rewards for identifying security problems in the Linux kernel, the Kubernetes orchestration platform, Google Kubernetes Engine (GKE), and the kCTF (Kubernetes Capture the Flag) vulnerability competition environment.

The reward program includes additional bonus payments of $20 for 0-day vulnerabilities, for exploits that do not require user namespace support, and for demonstrating new exploitation techniques. The base payout for demonstrating a working exploit in kCTF is $31337 (the base payout goes to the first participant to demonstrate a working exploit, but bonus payments can be applied to subsequent exploits for the same vulnerability).

In total, taking bonuses into account, the maximum reward for a 1-day exploit (problems identified by analysing bug fixes in the code base that are not explicitly marked as vulnerabilities) can reach $71337 (it was $31337), and for a 0-day (problems that have not yet been fixed) it can reach $91337 (it was $50337). The payment program will run until December 31, 2022.

It is noted that over the past three months Google processed 9 submissions with information about vulnerabilities, for which 175 thousand dollars was paid. The participating researchers prepared five exploits for 0-day vulnerabilities and two for 1-day vulnerabilities. For three problems that have already been fixed in the Linux kernel (CVE-2021-4154 in cgroup-v1, CVE-2021-22600 in af_packet and CVE-2022-0185 in VFS), the details have been publicly disclosed (these problems had previously been identified using Syzkaller, and fixes were added to the kernel after two breakages).

Source: opennet.ru
