The Actual News

Just the Facts, from multiple news sources.

Google pays $250K for Linux vulnerability allowing guest VM escapes

Google pays $250K for Linux vulnerability allowing guest VM escapes

Summary

Two serious security bugs have been found in Linux, an open-source operating system used around the world. One bug allows virtual machines to break out and take control of the main system, and the other lets users gain higher access rights than allowed. Google paid large rewards to the researchers who found these bugs.

Key Facts

  • A Linux bug called Januscape lets a virtual machine escape its container and take over the host system.
  • Januscape affects KVM, a virtual machine feature used in many Linux systems, and has been undetected for 16 years.
  • The bug works on computers with both AMD and Intel processors.
  • Exploiting Januscape requires root access inside the virtual machine.
  • Another Linux flaw, named GhostLock, allows users with limited rights to gain full root access.
  • GhostLock was found in a kernel system related to task priority and memory handling and existed for 15 years.
  • Google awarded $250,000 for Januscape and $92,337 for GhostLock through its bug bounty program.
  • Both bugs have been fixed with software updates released to protect users.
Read the Full Article

This is a fact-based summary from The Actual News. Click below to read the complete story directly from the original source.