leviathan/SKELETONKEY
1
0
Fork 0
Code Issues Pull Requests Actions 21 Packages Projects Releases Wiki Activity

docs: sweep stale counts to match v0.9.2 binary state

Browse Source 
Audit found several user-facing surfaces still carrying old numbers
from earlier releases. Brought everything in line with the binary's
authoritative footer ('39 modules · 10 KEV · 28 verified · 7 any').

README.md:
- Status section: v0.9.0 → v0.9.2 framing; describe the 22 → 28
  verification arc (v0.9.1 + v0.9.2)
- '119 detection rules' → 151 (current bundled count)
- '10 of 26 KEV-listed' → '10 of 34'
- 'Not yet verified (4 of 26 CVEs)' → '(6 of 34 CVEs)' with the new
  honest list (vmwgfx, dirty_cow, mutagen_astronomy, pintheft,
  vsock_uaf, fragnesia) and the reason each is blocked
- Example --auto output: 31 → 39 modules

docs/index.html:
- '22 of 26 CVEs confirmed' → '28 of 34', mainline kernel list expanded
  (5.4.0-26 / 5.15.5 / 6.1.10 / 6.19.7)
- Corpus section '26 CVEs across 10 years' → '34 CVEs'
- '26 CVEs, 10-year span' (author list intro) → '34 CVEs'
- Footer feature list '22 of 26' → '28 of 34'
- KEV stat chip 11 → 10 (matches binary; the anticipated 11th from
  metadata refresh hasn't been added yet)
- '119 detection rules' → '151' (two occurrences)

docs/og.svg + og.png:
- KEV chip 11 → 10 (matches binary)

CVES.md:
- '31 modules' → '39 modules covering 34 CVEs'
- Rewrote the unverified-rows note to match the actual 6-module list

No content changes to RELEASE_NOTES.md or ROADMAP.md — those entries
correctly describe state at the time they were written.
This commit is contained in:
KaraZajac
2026-05-24 00:09:21 -04:00
parent 66cca39a55
commit d52fcd5512
5 changed files with 43 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CVES.md
+10 -9
View File
@@ -23,16 +23,17 @@ Status legend:
- 🔴 **DEPRECATED** — fully patched everywhere relevant; kept for
historical reference only
**Counts:** 31 modules total — 28 verified (🟢 14 · 🟡 14) plus 3
ported-but-unverified (`dirtydecrypt`, `fragnesia`, `pack2theroot`
see note below). 🔵 0 · ⚪ 0 planned-with-stub · 🔴 0. (One ⚪ row
below — CVE-2026-31402 — is a *candidate* with no module, not counted
as a module.)
**Counts:** 39 modules total covering 34 CVEs; **28 of 34 CVEs
verified end-to-end in real VMs** via `tools/verify-vm/`. 🔵 0 · ⚪ 0
planned-with-stub · 🔴 0. (One ⚪ row below — CVE-2026-31402 — is a
*candidate* with no module, not counted as a module.)
> **Note on `dirtydecrypt` / `fragnesia` / `pack2theroot`:** all three
> are ported from public PoCs. The **exploit bodies** are not yet
> VM-verified end-to-end, so they're listed 🟡 but excluded from the
> 28-module verified corpus.
> **Note on unverified rows:** `vmwgfx` / `dirty_cow` /
> `mutagen_astronomy` / `pintheft` / `vsock_uaf` / `fragnesia` are
> blocked by their target environment (VMware-only, kernel < 4.4,
> mainline panic, kmod not autoloaded, or t64-transition libs),
> not by missing code. See
> [`tools/verify-vm/targets.yaml`](tools/verify-vm/targets.yaml).
>
> All three now have **pinned fix commits and version-based
> `detect()`**: