release v0.9.2: dirtydecrypt verified on mainline 6.19.7 (22 → 28)

Verifies CVE-2026-31635 dirtydecrypt's OK path on a kernel that
predates the bug: 'kernel predates the rxgk RESPONSE-handling code
added in 7.0' — match. Confirms detect() doesn't false-positive on
older 6.x kernels.

Attempted fragnesia (CVE-2026-46300) but mainline 7.0.5 .debs depend
on libssl3t64 / libelf1t64 (t64-transition libs from Ubuntu 24.04+ /
Debian 13+). No Parallels-supported Vagrant box ships those yet —
dpkg --force-depends leaves the kernel package in iHR state with no
/boot/vmlinuz. Marked manual: true with rationale.

Verifier infrastructure: pin-mainline now uses dpkg --force-depends as
a fallback so partial-install state can at least be inspected.

docs/RELEASE_NOTES.md

@@ -1,3 +1,20 @@
+## SKELETONKEY v0.9.2 — dirtydecrypt verified on mainline 6.19.7
+
+One more empirical verification: **CVE-2026-31635 dirtydecrypt** confirmed
+end-to-end on Ubuntu 22.04 + mainline 6.19.7. detect() correctly returns
+OK ("kernel predates the rxgk RESPONSE-handling code added in 7.0"). Footer
+goes 27 → 28.
+
+Attempted but deferred: **CVE-2026-46300 fragnesia**. Mainline 7.0.5 kernel
+.debs depend on `libssl3t64` / `libelf1t64` (the t64-transition libs
+introduced in Ubuntu 24.04 / Debian 13). No Vagrant box with a Parallels
+provider has those libs yet — `dpkg --force-depends` leaves the kernel
+package in `iHR` (broken) state with no `/boot/vmlinuz` deposited. Marked
+`manual: true` with rationale in `targets.yaml`. Resolvable when a
+Parallels-supported ubuntu2404 / debian13 box becomes available.
+
+---
+
 ## SKELETONKEY v0.9.1 — VM verification sweep (22 → 27)
 
 Five more CVEs empirically confirmed end-to-end against real Linux VMs

docs/VERIFICATIONS.jsonl

@@ -33,3 +33,4 @@
 {"module":"nft_pipapo","verified_at":"2026-05-24T03:27:10Z","host_kernel":"5.15.5-051505-generic","host_distro":"Ubuntu 22.04.3 LTS","vm_box":"generic/ubuntu2204","expect_detect":"VULNERABLE","actual_detect":"VULNERABLE","status":"match"}
 {"module":"sudo_runas_neg1","verified_at":"2026-05-24T03:29:18Z","host_kernel":"4.15.0-213-generic","host_distro":"Ubuntu 18.04.6 LTS","vm_box":"generic/ubuntu1804","expect_detect":"VULNERABLE","actual_detect":"VULNERABLE","status":"match"}
 {"module":"tioscpgrp","verified_at":"2026-05-24T03:31:08Z","host_kernel":"5.4.0-26-generic","host_distro":"Ubuntu 20.04.6 LTS","vm_box":"generic/ubuntu2004","expect_detect":"VULNERABLE","actual_detect":"VULNERABLE","status":"match"}
+{"module":"dirtydecrypt","verified_at":"2026-05-24T03:55:18Z","host_kernel":"6.19.7-061907-generic","host_distro":"Ubuntu 22.04.3 LTS","vm_box":"generic/ubuntu2204","expect_detect":"OK","actual_detect":"OK","status":"match"}

docs/index.html

@@ -4,9 +4,9 @@
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
 <title>SKELETONKEY — Linux LPE corpus, VM-verified, SOC-ready detection</title>
-<meta name="description" content="One binary. 39 Linux privilege-escalation modules from 2016 to 2026. 27 of 34 CVEs empirically verified in real Linux VMs. 10 KEV-listed. 151 detection rules across auditd/sigma/yara/falco. MITRE ATT&CK and CWE annotated. --explain gives operator briefings.">
+<meta name="description" content="One binary. 39 Linux privilege-escalation modules from 2016 to 2026. 28 of 34 CVEs empirically verified in real Linux VMs. 10 KEV-listed. 151 detection rules across auditd/sigma/yara/falco. MITRE ATT&CK and CWE annotated. --explain gives operator briefings.">
 <meta property="og:title" content="SKELETONKEY — Linux LPE corpus, VM-verified">
-<meta property="og:description" content="39 Linux LPE modules; 27 of 34 CVEs empirically verified in real VMs. 151 detection rules. ATT&CK + CWE + KEV annotated.">
+<meta property="og:description" content="39 Linux LPE modules; 28 of 34 CVEs empirically verified in real VMs. 151 detection rules. ATT&CK + CWE + KEV annotated.">
 <meta property="og:type" content="website">
 <meta property="og:url" content="https://karazajac.github.io/SKELETONKEY/">
 <meta property="og:image" content="https://karazajac.github.io/SKELETONKEY/og.png">
@@ -56,14 +56,14 @@
   <div class="container hero-inner">
     <div class="hero-eyebrow">
       <span class="dot dot-pulse"></span>
-      v0.9.1 — released 2026-05-24
+      v0.9.2 — released 2026-05-24
     </div>
     <h1 class="hero-title">
       <span class="display-wordmark">SKELETONKEY</span>
     </h1>
     <p class="hero-tag">
       One binary. <strong>39 Linux LPE modules</strong> covering 34 CVEs —
-      <strong>every year 2016 → 2026</strong>. 27 of 34 confirmed against
+      <strong>every year 2016 → 2026</strong>. 28 of 34 confirmed against
       real Linux kernels in VMs. SOC-ready detection rules in four SIEM
       formats. MITRE ATT&amp;CK + CWE + CISA KEV annotated.
       <span class="hero-tag-pop">--explain gives a one-page operator briefing per CVE.</span>
@@ -82,7 +82,7 @@
 
     <div class="stats-row" id="stats-row">
       <div class="stat-chip"><span class="num" data-target="39">0</span><span>modules</span></div>
-      <div class="stat-chip stat-vfy"><span class="num" data-target="27">0</span><span>✓ VM-verified</span></div>
+      <div class="stat-chip stat-vfy"><span class="num" data-target="28">0</span><span>✓ VM-verified</span></div>
       <div class="stat-chip stat-kev"><span class="num" data-target="11">0</span><span>★ in CISA KEV</span></div>
       <div class="stat-chip"><span class="num" data-target="151">0</span><span>detection rules</span></div>
     </div>
@@ -598,7 +598,7 @@ uid=0(root) gid=0(root)</pre>
       who found the bugs.
     </p>
     <p class="footer-meta">
-      v0.9.1 · MIT · <a href="https://github.com/KaraZajac/SKELETONKEY">github.com/KaraZajac/SKELETONKEY</a>
+      v0.9.2 · MIT · <a href="https://github.com/KaraZajac/SKELETONKEY">github.com/KaraZajac/SKELETONKEY</a>
     </p>
   </div>
 </footer>

docs/og.svg

@@ -39,7 +39,7 @@
     Curated Linux LPE corpus.
   </text>
   <text x="80" y="278" font-family="'Inter',sans-serif" font-size="30" fill="#c5c5d3" font-weight="500">
-    Every year 2016 → 2026. 27 of 34 verified.
+    Every year 2016 → 2026. 28 of 34 verified.
   </text>
 
   <!-- stat chips -->
@@ -49,9 +49,9 @@
     <text x="28" y="38" font-family="'JetBrains Mono',monospace" font-weight="700" font-size="22" fill="#ecedf7">39</text>
     <text x="64" y="37" font-family="'Inter',sans-serif" font-size="16" fill="#8a8a9d">modules</text>
 
-    <!-- 27 VM-verified -->
+    <!-- 28 VM-verified -->
     <rect x="206" y="0" width="240" height="58" rx="29" fill="#161628" stroke="#10b981" stroke-opacity="0.5"/>
-    <text x="234" y="38" font-family="'JetBrains Mono',monospace" font-weight="700" font-size="22" fill="#34d399">27</text>
+    <text x="234" y="38" font-family="'JetBrains Mono',monospace" font-weight="700" font-size="22" fill="#34d399">28</text>
     <text x="270" y="37" font-family="'Inter',sans-serif" font-size="16" fill="#8a8a9d">✓ VM-verified</text>
 
     <!-- 11 KEV -->