Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ Making Linux Kernel Exploit Cooking Harder

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Making Linux Kernel Exploit Cooking Harder


๐Ÿ’ก Newskategorie: IT Security Nachrichten
๐Ÿ”— Quelle: security.googleblog.com


Posted by Eduardo Vela, Exploit Critic

Cover of the medieval cookbook. Title in large letters kernel Exploits. Adorned. Featuring a small penguin. 15th century. Color. High quality picture. Private collection. Detailed.




The Linux kernel is a key component for the security of the Internet. Google uses Linux in almost everything, from the computers our employees use, to the products people around the world use daily like Chromebooks, Android on phones, cars, and TVs, and workloads on Google Cloud. Because of this, we have heavily invested in Linuxโ€™s security - and today, weโ€™re announcing how weโ€™re building on those investments and increasing our rewards.


In 2020, we launched an open-source Kubernetes-based Capture-the-Flag (CTF) project called, kCTF. The kCTF Vulnerability Rewards Program (VRP) lets researchers connect to our Google Kubernetes Engine (GKE) instances, and if they can hack it, they get a flag, and are potentially rewarded. All of GKE and its dependencies are in scope, but every flag caught so far has been a container breakout through a Linux kernel vulnerability. Weโ€™ve learned that finding and exploiting heap memory corruption vulnerabilities in the Linux kernel could be made a lot harder. Unfortunately, security mitigations are often hard to quantify, however, we think weโ€™ve found a way to do so concretely going forward.


When we launched kCTF, we hoped to build a community of Linux kernel exploitation hackers. This worked well and allowed the community to learn from several members of the security community like Markak, starlabs, Crusaders of Rust, d3v17, slipper@pangu, valis, kylebot, pqlqpql and Awarau.


Now, weโ€™re making updates to the kCTF program. First, we are indefinitely extending the increased reward amounts we announced earlier this year, meaning weโ€™ll continue to pay $20,000 - $91,337 USD for vulnerabilities on our lab kCTF deployment to reward the important work being done to understand and improve kernel security. This is in addition to our existing patch rewards for proactive security improvements.


Second, weโ€™re launching new instances with additional rewards to evaluate the latest Linux kernel stable image as well as new experimental mitigations in a custom kernel we've built. Rather than simply learning about the current state of the stable kernels, the new instances will be used to ask the community to help us evaluate the value of both our latest and more experimental security mitigations.ย 


Today, we are starting with a set of mitigations we believe will make most of the vulnerabilities (9/10 vulns and 10/13 exploits) we received this past year more difficult to exploit. For new exploits of vulnerabilities submitted which also compromise the latest Linux kernel, we will pay an additional $21,000 USD. For those which compromise our custom Linux kernel with our experimental mitigations, the reward will be another $21,000 USD (if they are clearly bypassing the mitigations we are testing). This brings the total rewards up to a maximum of $133,337 USD. We hope this will allow us to learn more about how hard (or easy) it is to bypass our experimental mitigations.


The mitigations we've built attempt to tackle the following exploit primitives:

  • Out-of-bounds write on slab

  • Cross-cache attacks

  • Elastic objects

  • Freelist corruption


With the kCTF VRP program, we are building a pipeline to analyze, experiment, measure and build security mitigations to make the Linux kernel as safe as we can with the help of the security community. We hope that, over time, we will be able to make security mitigations that make exploitation of Linux kernel vulnerabilities as hard as possible.

...



๐Ÿ“Œ Making Linux Kernel Exploit Cooking Harder


๐Ÿ“ˆ 57.15 Punkte

๐Ÿ“Œ Google wants to make Linux kernel flaws harder to exploit


๐Ÿ“ˆ 28.06 Punkte

๐Ÿ“Œ Yahoo Disables Email Auto-Forwarding; Making It Harder for Users to Move On


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ Yahoo Disables Email Auto-Forwarding; Making It Harder for Users to Move On


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ Yahoo Disables Email Auto-Forwarding; Making It Harder for Users to Move On


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ Yahoo Disables Email Auto-Forwarding; Making It Harder for Users to Move On


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ Yahoo Disables Email Auto-Forwarding; Making It Harder for Users to Move On


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ Facebook Is Making It Harder For Hackers To Hijack Your Accounts


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ Dev to Reg: Making web pages pretty is harder than building crypto


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ Hackers are making DDoS attacks sneakier and harder to protect against


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ Google Making Cobalt Strike Pentesting Tool Harder to Abuse


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ 'Our Addiction To Links is Making Good Journalism Harder To Read'


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ Venmo Considers Making it Harder to See What Other People Are Buying, Report Says


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ Videogame Developers Are Making It Harder To Stop Playing


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ Making a usable HDD/system that's harder to clone?


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ Google is Making it Harder for Android Apps To Track You Once You've Opted Out


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ Samsung Making It Harder To Know What Type of OLED TV You're Getting


๐Ÿ“ˆ 25.61 Punkte

๐Ÿ“Œ HPR3299: Linux Inlaws S01E26: Make your Linux harder


๐Ÿ“ˆ 21.35 Punkte

๐Ÿ“Œ #0daytoday #Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer Exploit [dos #exploits #0day #Exploit]


๐Ÿ“ˆ 20.88 Punkte

๐Ÿ“Œ Friday Squid Blogging: Cooking with Squid Ink


๐Ÿ“ˆ 19.86 Punkte

๐Ÿ“Œ Friday Squid Blogging: Cooking with Squid Ink


๐Ÿ“ˆ 19.86 Punkte

๐Ÿ“Œ Friday Squid Blogging: Squid Cooking Techniques


๐Ÿ“ˆ 19.86 Punkte

๐Ÿ“Œ Zeus Sphinx Pushes Empty Configuration Files โ€” What Has the Sphinx Got Cooking?


๐Ÿ“ˆ 19.86 Punkte

๐Ÿ“Œ Get cooking with GNOME Recipes


๐Ÿ“ˆ 19.86 Punkte

๐Ÿ“Œ LKML: Kent Overstreet: bcachefs status update (it's done cooking; let's get this sucker merged)


๐Ÿ“ˆ 19.86 Punkte

๐Ÿ“Œ Cooking Mama: Cookstar in Deutschland fรผr Nintendo Switch eingestuft


๐Ÿ“ˆ 19.86 Punkte

๐Ÿ“Œ Casbaneiro: Dangerous cooking with a secret ingredient


๐Ÿ“ˆ 19.86 Punkte

๐Ÿ“Œ Casbaneiro: Dangerous cooking with a secret ingredient


๐Ÿ“ˆ 19.86 Punkte

๐Ÿ“Œ Crazy cryptomining Cooking Mama rumours spread as game pulled from Nintendo Switch online store


๐Ÿ“ˆ 19.86 Punkte

๐Ÿ“Œ Cooking Sunday Roast Causes Indoor Pollution 'Worse Than Delhi'


๐Ÿ“ˆ 19.86 Punkte











matomo