scaffold: 4 new module dirs + registry/Makefile wiring (stubs)

Pre-scaffolding for the next batch (CVE-2023-32233, CVE-2023-4622,
CVE-2022-25636, CVE-2023-0179). Each module ships as a 21-line
stub returning PRECOND_FAIL; parallel agents fill in the real
detect/exploit/--full-chain implementations.

This commit keeps registry.h / iamroot.c / Makefile in one place
so the 4 parallel agents don't collide on shared-file edits — they
each own a single iamroot_modules.c.

Build clean on Debian 6.12.86; --list shows all 24 modules
including the 4 new stubs.

modules/af_unix_gc_cve_2023_4622/iamroot_modules.c

@@ -0,0 +1,23 @@
+/* af_unix_gc_cve_2023_4622 — STUB pending agent implementation. */
+#include "iamroot_modules.h"
+#include "../../core/registry.h"
+
+static iamroot_result_t af_unix_gc_detect(const struct iamroot_ctx *ctx)
+{
+    (void)ctx;
+    return IAMROOT_PRECOND_FAIL;
+}
+
+const struct iamroot_module af_unix_gc_module = {
+    .name = "af_unix_gc",
+    .cve = "CVE-2023-4622",
+    .summary = "AF_UNIX garbage-collector race UAF (Lin Ma) — stub pending implementation",
+    .family = "af_unix",
+    .kernel_range = "2.0 ≤ K < 6.5",
+    .detect = af_unix_gc_detect,
+    .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+    .detect_auditd = NULL, .detect_sigma = NULL,
+    .detect_yara = NULL,   .detect_falco = NULL,
+};
+
+void iamroot_register_af_unix_gc(void) { iamroot_register(&af_unix_gc_module); }

modules/af_unix_gc_cve_2023_4622/iamroot_modules.h

@@ -0,0 +1,12 @@
+/*
+ * af_unix_gc_cve_2023_4622 — IAMROOT module registry hook
+ */
+
+#ifndef AF_UNIX_GC_IAMROOT_MODULES_H
+#define AF_UNIX_GC_IAMROOT_MODULES_H
+
+#include "../../core/module.h"
+
+extern const struct iamroot_module af_unix_gc_module;
+
+#endif

modules/nft_fwd_dup_cve_2022_25636/iamroot_modules.c

@@ -0,0 +1,23 @@
+/* nft_fwd_dup_cve_2022_25636 — STUB pending agent implementation. */
+#include "iamroot_modules.h"
+#include "../../core/registry.h"
+
+static iamroot_result_t nft_fwd_dup_detect(const struct iamroot_ctx *ctx)
+{
+    (void)ctx;
+    return IAMROOT_PRECOND_FAIL;
+}
+
+const struct iamroot_module nft_fwd_dup_module = {
+    .name = "nft_fwd_dup",
+    .cve = "CVE-2022-25636",
+    .summary = "nft_fwd_dup_netdev_offload heap OOB (Aaron Adams) — stub pending implementation",
+    .family = "nf_tables",
+    .kernel_range = "5.4 ≤ K < 5.18",
+    .detect = nft_fwd_dup_detect,
+    .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+    .detect_auditd = NULL, .detect_sigma = NULL,
+    .detect_yara = NULL,   .detect_falco = NULL,
+};
+
+void iamroot_register_nft_fwd_dup(void) { iamroot_register(&nft_fwd_dup_module); }

modules/nft_fwd_dup_cve_2022_25636/iamroot_modules.h

@@ -0,0 +1,12 @@
+/*
+ * nft_fwd_dup_cve_2022_25636 — IAMROOT module registry hook
+ */
+
+#ifndef NFT_FWD_DUP_IAMROOT_MODULES_H
+#define NFT_FWD_DUP_IAMROOT_MODULES_H
+
+#include "../../core/module.h"
+
+extern const struct iamroot_module nft_fwd_dup_module;
+
+#endif

modules/nft_payload_cve_2023_0179/iamroot_modules.c

@@ -0,0 +1,23 @@
+/* nft_payload_cve_2023_0179 — STUB pending agent implementation. */
+#include "iamroot_modules.h"
+#include "../../core/registry.h"
+
+static iamroot_result_t nft_payload_detect(const struct iamroot_ctx *ctx)
+{
+    (void)ctx;
+    return IAMROOT_PRECOND_FAIL;
+}
+
+const struct iamroot_module nft_payload_module = {
+    .name = "nft_payload",
+    .cve = "CVE-2023-0179",
+    .summary = "nft_payload set-id memory corruption (Davide Ornaghi) — stub pending implementation",
+    .family = "nf_tables",
+    .kernel_range = "5.4 ≤ K < 6.2",
+    .detect = nft_payload_detect,
+    .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+    .detect_auditd = NULL, .detect_sigma = NULL,
+    .detect_yara = NULL,   .detect_falco = NULL,
+};
+
+void iamroot_register_nft_payload(void) { iamroot_register(&nft_payload_module); }

modules/nft_payload_cve_2023_0179/iamroot_modules.h

@@ -0,0 +1,12 @@
+/*
+ * nft_payload_cve_2023_0179 — IAMROOT module registry hook
+ */
+
+#ifndef NFT_PAYLOAD_IAMROOT_MODULES_H
+#define NFT_PAYLOAD_IAMROOT_MODULES_H
+
+#include "../../core/module.h"
+
+extern const struct iamroot_module nft_payload_module;
+
+#endif

modules/nft_set_uaf_cve_2023_32233/iamroot_modules.c

@@ -0,0 +1,23 @@
+/* nft_set_uaf_cve_2023_32233 — STUB pending agent implementation. */
+#include "iamroot_modules.h"
+#include "../../core/registry.h"
+
+static iamroot_result_t nft_set_uaf_detect(const struct iamroot_ctx *ctx)
+{
+    (void)ctx;
+    return IAMROOT_PRECOND_FAIL;
+}
+
+const struct iamroot_module nft_set_uaf_module = {
+    .name = "nft_set_uaf",
+    .cve = "CVE-2023-32233",
+    .summary = "nf_tables anonymous-set UAF (Sondej+Krysiuk) — stub pending implementation",
+    .family = "nf_tables",
+    .kernel_range = "5.1 ≤ K < 6.4; backports to LTS pending",
+    .detect = nft_set_uaf_detect,
+    .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+    .detect_auditd = NULL, .detect_sigma = NULL,
+    .detect_yara = NULL,   .detect_falco = NULL,
+};
+
+void iamroot_register_nft_set_uaf(void) { iamroot_register(&nft_set_uaf_module); }

modules/nft_set_uaf_cve_2023_32233/iamroot_modules.h

@@ -0,0 +1,12 @@
+/*
+ * nft_set_uaf_cve_2023_32233 — IAMROOT module registry hook
+ */
+
+#ifndef NFT_SET_UAF_IAMROOT_MODULES_H
+#define NFT_SET_UAF_IAMROOT_MODULES_H
+
+#include "../../core/module.h"
+
+extern const struct iamroot_module nft_set_uaf_module;
+
+#endif