scaffold: 4 new module dirs (sudo_samedit, sequoia, sudoedit_editor, vmwgfx)

Stubs returning PRECOND_FAIL. Parallel agents fill in real detect/exploit.
2026-05-17 01:47:28 -04:00
parent 324b539d65
commit 5a73565e0e
11 changed files with 125 additions and 1 deletions
@@ -0,0 +1,20 @@
+/* sequoia_cve_2021_33909 — STUB pending agent implementation. */
+#include "skeletonkey_modules.h"
+#include "../../core/registry.h"
+
+static skeletonkey_result_t sequoia_detect(const struct skeletonkey_ctx *ctx)
+{ (void)ctx; return SKELETONKEY_PRECOND_FAIL; }
+
+const struct skeletonkey_module sequoia_module = {
+    .name = "sequoia",
+    .cve = "CVE-2021-33909",
+    .summary = "seq_file size_t overflow → kernel stack write (Qualys Sequoia) — stub pending implementation",
+    .family = "filesystem",
+    .kernel_range = "K < 5.13.4 / 5.10.52 / 5.4.134",
+    .detect = sequoia_detect,
+    .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+    .detect_auditd = NULL, .detect_sigma = NULL,
+    .detect_yara = NULL,   .detect_falco = NULL,
+};
+
+void skeletonkey_register_sequoia(void) { skeletonkey_register(&sequoia_module); }
@@ -0,0 +1,5 @@
+#ifndef SEQUOIA_SKELETONKEY_MODULES_H
+#define SEQUOIA_SKELETONKEY_MODULES_H
+#include "../../core/module.h"
+extern const struct skeletonkey_module sequoia_module;
+#endif
@@ -0,0 +1,20 @@
+/* sudo_samedit_cve_2021_3156 — STUB pending agent implementation. */
+#include "skeletonkey_modules.h"
+#include "../../core/registry.h"
+
+static skeletonkey_result_t sudo_samedit_detect(const struct skeletonkey_ctx *ctx)
+{ (void)ctx; return SKELETONKEY_PRECOND_FAIL; }
+
+const struct skeletonkey_module sudo_samedit_module = {
+    .name = "sudo_samedit",
+    .cve = "CVE-2021-3156",
+    .summary = "sudo Baron Samedit heap overflow (Qualys) — stub pending implementation",
+    .family = "sudo",
+    .kernel_range = "sudo 1.8.2 ≤ V ≤ 1.9.5p1 (userspace)",
+    .detect = sudo_samedit_detect,
+    .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+    .detect_auditd = NULL, .detect_sigma = NULL,
+    .detect_yara = NULL,   .detect_falco = NULL,
+};
+
+void skeletonkey_register_sudo_samedit(void) { skeletonkey_register(&sudo_samedit_module); }
@@ -0,0 +1,5 @@
+#ifndef SUDO_SAMEDIT_SKELETONKEY_MODULES_H
+#define SUDO_SAMEDIT_SKELETONKEY_MODULES_H
+#include "../../core/module.h"
+extern const struct skeletonkey_module sudo_samedit_module;
+#endif
@@ -0,0 +1,20 @@
+/* sudoedit_editor_cve_2023_22809 — STUB pending agent implementation. */
+#include "skeletonkey_modules.h"
+#include "../../core/registry.h"
+
+static skeletonkey_result_t sudoedit_editor_detect(const struct skeletonkey_ctx *ctx)
+{ (void)ctx; return SKELETONKEY_PRECOND_FAIL; }
+
+const struct skeletonkey_module sudoedit_editor_module = {
+    .name = "sudoedit_editor",
+    .cve = "CVE-2023-22809",
+    .summary = "sudoedit EDITOR/VISUAL `--` argv escape → arbitrary file write as root — stub pending implementation",
+    .family = "sudo",
+    .kernel_range = "sudo 1.8.0 ≤ V < 1.9.12p2 (userspace)",
+    .detect = sudoedit_editor_detect,
+    .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+    .detect_auditd = NULL, .detect_sigma = NULL,
+    .detect_yara = NULL,   .detect_falco = NULL,
+};
+
+void skeletonkey_register_sudoedit_editor(void) { skeletonkey_register(&sudoedit_editor_module); }
@@ -0,0 +1,5 @@
+#ifndef SUDOEDIT_EDITOR_SKELETONKEY_MODULES_H
+#define SUDOEDIT_EDITOR_SKELETONKEY_MODULES_H
+#include "../../core/module.h"
+extern const struct skeletonkey_module sudoedit_editor_module;
+#endif
@@ -0,0 +1,20 @@
+/* vmwgfx_cve_2023_2008 — STUB pending agent implementation. */
+#include "skeletonkey_modules.h"
+#include "../../core/registry.h"
+
+static skeletonkey_result_t vmwgfx_detect(const struct skeletonkey_ctx *ctx)
+{ (void)ctx; return SKELETONKEY_PRECOND_FAIL; }
+
+const struct skeletonkey_module vmwgfx_module = {
+    .name = "vmwgfx",
+    .cve = "CVE-2023-2008",
+    .summary = "vmwgfx DRM driver buffer-object OOB write — stub pending implementation",
+    .family = "drm",
+    .kernel_range = "K < 6.3-rc6 (vmware-svga / vmwgfx driver)",
+    .detect = vmwgfx_detect,
+    .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+    .detect_auditd = NULL, .detect_sigma = NULL,
+    .detect_yara = NULL,   .detect_falco = NULL,
+};
+
+void skeletonkey_register_vmwgfx(void) { skeletonkey_register(&vmwgfx_module); }
@@ -0,0 +1,5 @@
+#ifndef VMWGFX_SKELETONKEY_MODULES_H
+#define VMWGFX_SKELETONKEY_MODULES_H
+#include "../../core/module.h"
+extern const struct skeletonkey_module vmwgfx_module;
+#endif