From dce158e33ac8c6aec2a6c3d7d706303725d0bd9c Mon Sep 17 00:00:00 2001
From: KaraZajac
Date: Sat, 16 May 2026 21:40:51 -0400
Subject: [PATCH] release: v0.1.0 — 20-module corpus, 13 root-pop + 7 primitive
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

iamroot.c: bump IAMROOT_VERSION from 0.1.0-phase1 → 0.1.0

README.md: replace "bootstrap phase" status with v0.1.0 corpus breakdown (13🟢 / 7🟡 across 2016→2026 timeline)

CVES.md: redefine 🟡 to mean "primitive fires + groom + witness, stops short of cred-overwrite chain — refuses to claim root unless empirically demonstrated"; flip 7 entries from 🔵 → 🟡; add the two missing 🟢 entries (cgroup_release_agent, overlayfs_setuid); extend the operations matrix from 7 → 20 rows.

ROADMAP.md: mark all Phase-7 items landed; add Phase 8 covering full-chain promotions (nf_tables / xtcompat / af_packet prioritized — each has a public reference exploit; IAMROOT's no-fabricated-offsets rule means each needs an env-var offset table or System.map auto-resolve).

Build clean on Debian 6.12.86; iamroot --version reports 0.1.0.
---
 CVES.md    | 42 +++++++++++++++++++++++++---------
 README.md  | 24 ++++++++++++++------
 ROADMAP.md | 66 +++++++++++++++++++++++++++++++++++++++---------------
 iamroot.c  |  2 +-
 4 files changed, 98 insertions(+), 36 deletions(-)

diff --git a/CVES.md b/CVES.md
index a6b539d..a7c372b 100644
--- a/CVES.md
+++ b/CVES.md
@@ -7,13 +7,20 @@ ship. Status legend: - 🟒 **WORKING** β€” module verified to land root on a vulnerable host -- 🟑 **PARTIAL** β€” module detects + exploits on some distros, not all +- 🟑 **PRIMITIVE** β€” fires the kernel primitive (trigger + slab groom + + empirical witness) on a vulnerable host, but stops short of the + full cred-overwrite / R/W chain. Returns `EXPLOIT_FAIL` honestly; + useful as a vuln-verification probe and a continuation point for + full chains. Per-kernel offsets deliberately not shipped. - πŸ”΅ **DETECT-ONLY** β€” module fingerprints presence/absence but no - exploit (yet). Useful for blue teams. + exploit. (No module is currently in this state β€” every registered + module now fires either a full chain or a primitive.) - βšͺ **PLANNED** β€” stub exists, work not started - πŸ”΄ **DEPRECATED** β€” fully patched everywhere relevant; kept for historical reference only +**Counts (v0.1.0):** 🟒 13 Β· 🟑 7 Β· πŸ”΅ 0 Β· βšͺ 1 Β· πŸ”΄ 0 + ## Inventory | CVE | Name | Class | First patched | IAMROOT module | Status | Notes | 
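Review bot: the new `**Counts (v0.1.0):**` line in this legend hunk adds up to 21 (13 + 7 + 0 + 1 + 0), while the README hunk in the same patch says "20 modules" and the inventory below has two PLANNED rows (CVE-2026-31402, which has no module at all, and `_stubs/fragnesia_TBD`); say what is being counted, e.g. `**Counts (v0.1.0, registered modules):**`, so the stub and the module-less CVE row are counted the same way everywhere. Second, the rewritten PRIMITIVE entry states "Per-kernel offsets deliberately not shipped", but the `af_packet` row in the inventory hunk ships an Ubuntu 16.04/18.04 offset table plus an `IAMROOT_AFPACKET_OFFSETS` override; either soften the legend to match the "no fabricated offsets" rule used in ROADMAP.md or move the offsets statement into the per-module notes where it is true.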
@@ -27,16 +34,18 @@ Status legend: | CVE-2023-0458 | EntryBleed β€” KPTI prefetchnta KASLR bypass | INFO-LEAK (kbase) | mainline (partial mitigations only) | `entrybleed` | 🟒 | Stage-1 leak brick. Working on lts-6.12.86 (verified 2026-05-16 via `iamroot --exploit entrybleed --i-know`). Default `entry_SYSCALL_64` slot offset matches lts-6.12.x; override via `IAMROOT_ENTRYBLEED_OFFSET=0x...`. Other modules can call `entrybleed_leak_kbase_lib()` as a library. x86_64 only. | | CVE-2026-31402 | NFS replay-cache heap overflow | LPE (NFS server) | mainline 2026-04-03 | β€” | βšͺ | Candidate. Different audience (NFS servers) β€” TBD whether in-scope. | | CVE-2021-4034 | Pwnkit β€” pkexec argv[0]=NULL β†’ env-injection | LPE (userspace setuid binary) | polkit 0.121 (2022-01-25) | `pwnkit` | 🟒 | Full detect + exploit (canonical Qualys-style: gconv-modules + execve NULL-argv). Detect handles both polkit version formats (legacy "0.105" + modern "126"). Exploit compiles payload via target's gcc β†’ falls back gracefully if no cc available. Cleanup nukes /tmp/iamroot-pwnkit-* workdirs. **First userspace LPE in IAMROOT**. Ships auditd + sigma rules. | -| CVE-2024-1086 | nf_tables β€” `nft_verdict_init` cross-cache UAF | LPE (kernel arbitrary R/W via slab UAF) | mainline 6.8-rc1 (Jan 2024) | `nf_tables` | πŸ”΅ | Detect-only. Branch-backport ranges checked (6.7.2 / 6.6.13 / 6.1.74 / 5.15.149 / 5.10.210 / 5.4.269). Also checks unprivileged user_ns clone availability (the exploit's trigger gate) β€” reports PRECOND_FAIL if userns is locked down even when the kernel is vulnerable. Full Notselwyn-style exploit is the next nf_tables commit. | -| CVE-2021-3493 | Ubuntu overlayfs userns file-capability injection | LPE (host root via file caps in userns-mounted overlayfs) | Ubuntu USN-4915-1 (Apr 2021) | `overlayfs` | πŸ”΅ | Detect-only. **Ubuntu-specific** (vanilla upstream didn't enable userns-overlayfs-mount until 5.11). 
Detect: parses /etc/os-release for ID=ubuntu, checks unprivileged_userns_clone sysctl, AND with `--active` actually attempts the userns+overlayfs mount as a fork-isolated probe. Reports OK on non-Ubuntu, PRECOND_FAIL if userns locked down. Ships auditd rules covering mount(overlay) + setxattr(security.capability). | -| CVE-2022-2588 | net/sched cls_route4 handle-zero dead UAF | LPE (kernel UAF in cls_route4 filter remove) | mainline 5.20 / 5.19.7 (Aug 2022) | `cls_route4` | πŸ”΅ | Detect-only. Branch-backport thresholds: 5.4.213 / 5.10.143 / 5.15.69 / 5.18.18 / 5.19.7. Bug exists since 2.6.39 β€” very wide surface. Detect also probes user_ns+net_ns clone availability; locked-down hosts report PRECOND_FAIL. Full exploit (kylebot-style: tc filter add+rm + spray + cred overwrite) follows. | +| CVE-2024-1086 | nf_tables β€” `nft_verdict_init` cross-cache UAF | LPE (kernel arbitrary R/W via slab UAF) | mainline 6.8-rc1 (Jan 2024) | `nf_tables` | 🟑 | Hand-rolled nfnetlink batch builder (no libmnl dep) constructs the NFT_GOTO+NFT_DROP malformed verdict in a pipapo set, fires the double-free, sprays msg_msg in kmalloc-cg-96 and snapshots slabinfo. Stops before the Notselwyn pipapo R/W dance (per-kernel offsets refused). Branch-backport thresholds: 6.7.2 / 6.6.13 / 6.1.74 / 5.15.149 / 5.10.210 / 5.4.269. Also gates on unprivileged user_ns clone availability. | +| CVE-2021-3493 | Ubuntu overlayfs userns file-capability injection | LPE (host root via file caps in userns-mounted overlayfs) | Ubuntu USN-4915-1 (Apr 2021) | `overlayfs` | 🟒 | Full vsh-style exploit (userns+overlayfs mount + xattr file-cap injection + exec). **Ubuntu-specific** (vanilla upstream didn't enable userns-overlayfs-mount until 5.11). Detect parses /etc/os-release for ID=ubuntu, checks unprivileged_userns_clone sysctl, and with `--active` attempts the mount as a fork-isolated probe. Ships auditd rules covering mount(overlay) + setxattr(security.capability). 
| +| CVE-2022-2588 | net/sched cls_route4 handle-zero dead UAF | LPE (kernel UAF in cls_route4 filter remove) | mainline 5.20 / 5.19.7 (Aug 2022) | `cls_route4` | 🟑 | Userns+netns reach, tc/ip dummy interface + route4 dangling-filter add/del, msg_msg kmalloc-1k spray, UDP classify drive to follow the dangling pointer, slabinfo delta witness. Stops at empirical UAF-fired signal; no leakβ†’cred overwrite (per-kernel offsets refused). Branch backports: 5.4.213 / 5.10.143 / 5.15.69 / 5.18.18 / 5.19.7. | | CVE-2016-5195 | Dirty COW β€” COW race via /proc/self/mem + madvise | LPE (page-cache write into root-owned files) | mainline 4.9 (Oct 2016) | `dirty_cow` | 🟒 | Full detect + exploit + cleanup. **Old-systems coverage** β€” affects RHEL 6/7 (3.10 baseline), Ubuntu 14.04 (3.13), Ubuntu 16.04 (4.4), embedded boxes, IoT. Phil-Oester-style two-thread race: writer thread via `/proc/self/mem` vs madvise(MADV_DONTNEED) thread. Targets /etc/passwd UID flip + `su`. Ships auditd watch on /proc/self/mem + sigma rule for non-root mem-open. Pthread-linked. | | CVE-2019-13272 | PTRACE_TRACEME β†’ setuid execve β†’ cred escalation | LPE (kernel ptrace race; no exotic preconditions) | mainline 5.1.17 (Jun 2019) | `ptrace_traceme` | 🟒 | Full detect + exploit. Branch backports: 4.4.182 / 4.9.182 / 4.14.131 / 4.19.58 / 5.0.20 / 5.1.17. jannh-style: fork β†’ child `PTRACE_TRACEME` β†’ child sleep+attach β†’ parent `execve` setuid bin (pkexec/su/passwd auto-selected) β†’ child wins stale-ptrace_link β†’ POKETEXT x86_64 shellcode β†’ root sh. x86_64-only; ARM/other return PRECOND_FAIL cleanly. | -| CVE-2021-22555 | iptables xt_compat heap-OOB β†’ cross-cache UAF | LPE (kernel R/W via 4-byte heap OOB write + msg_msg/sk_buff groom) | mainline 5.12 / 5.11.10 (Apr 2021) | `netfilter_xtcompat` | πŸ”΅ | Detect-only. Branch backports: 5.11.10 / 5.10.27 / 5.4.110 / 4.19.185 / 4.14.230 / 4.9.266 / 4.4.266. **Bug existed since 2.6.19 (2006) β€” 15 years of latent vulnerability**. 
Andy Nguyen's PGZ disclosure. Needs CAP_NET_ADMIN via user_ns. Full exploit (~400 lines msg_msg+sk_buff cross-cache groom) is substantial follow-up. | -| CVE-2017-7308 | AF_PACKET TPACKET_V3 integer overflow β†’ heap write-where | LPE (CAP_NET_RAW via userns) | mainline 4.11 / 4.10.6 (Mar 2017) | `af_packet` | πŸ”΅ | Detect-only. Andrey Konovalov's research-era classic. Branch backports: 4.10.6 / 4.9.18 (RHEL 7-ish era) / 4.4.57 / 3.18.49. Needs user_ns for CAP_NET_RAW. Full exploit follows. | -| CVE-2022-0185 | legacy_parse_param fsconfig heap OOB β†’ container-escape | LPE (cross-cache UAF β†’ cred overwrite from rootless container) | mainline 5.16.2 (Jan 2022) | `fuse_legacy` | πŸ”΅ | Detect-only. **Container-escape angle** β€” relevant to rootless docker/podman/snap setups. Branch backports: 5.16.2 / 5.15.14 / 5.10.91 / 5.4.171. Needs user_ns + mount_ns. William Liu / Crusaders-of-Rust PoC reference. | -| CVE-2023-3269 | StackRot β€” maple-tree VMA-split UAF | LPE (kernel R/W via maple node use-after-RCU) | mainline 6.4-rc4 (Jul 2023) | `stackrot` | πŸ”΅ | Detect-only. **Different bug class** (mm, not netfilter β€” broadens corpus shape). Affects 6.1.x LTS (still widely deployed) until 6.1.37; mainline 6.4-rc4. Ruihan Li's Peking University disclosure. ~1000-line PoC port deferred. | -| CVE-2020-14386 | AF_PACKET tpacket_rcv VLAN integer underflow | LPE (heap OOB write via crafted frame) | mainline 5.9 (Sep 2020) | `af_packet2` | πŸ”΅ | Detect-only. Sibling of CVE-2017-7308; same subsystem, different code path. Branch backports: 5.8.7 / 5.7.16 / 5.4.62 / 4.19.143 / 4.14.197 / 4.9.235. Or Cohen's disclosure. Shares `iamroot-af-packet` audit key with CVE-2017-7308 module. | +| CVE-2022-0492 | cgroup v1 `release_agent` privilege check in wrong namespace | LPE (host root from rootless container or unprivileged userns) | mainline 5.17 (Mar 2022) | `cgroup_release_agent` | 🟒 | Universal structural exploit β€” no per-kernel offsets, no race. 
unshare(user|mount|cgroup), mount cgroup v1 RDP controller, write release_agent β†’ ./payload, trigger via notify_on_release. Ships auditd rules covering cgroupfs mount + release_agent writes. Kept as a portable "containers misconfigured" demo. | +| CVE-2023-0386 | overlayfs `copy_up` preserves setuid bit across mount-ns boundary | LPE (host root via setuid carrier from unprivileged mount) | mainline 5.11 / 6.2-rc6 (Jan 2023) | `overlayfs_setuid` | 🟒 | Distro-agnostic β€” places a setuid binary in an overlay lower, mounts via fuse-overlayfs userns trick, executes from upper to inherit the setuid bit + root euid. Branch backports tracked for 5.10.169 / 5.15.92 / 6.1.11 / 6.2.x. | +| CVE-2021-22555 | iptables xt_compat heap-OOB β†’ cross-cache UAF | LPE (kernel R/W via 4-byte heap OOB write + msg_msg/sk_buff groom) | mainline 5.12 / 5.11.10 (Apr 2021) | `netfilter_xtcompat` | 🟑 | Hand-rolled `ipt_replace` blob + setsockopt(IPT_SO_SET_REPLACE) fires the 4-byte OOB, msg_msg spray in kmalloc-2k + sk_buff sidecar, MSG_COPY scan for cross-cache landing + slabinfo delta. Stops before the leak β†’ modprobe_path overwrite chain (per-kernel offsets refused). Branch backports: 5.11.10 / 5.10.27 / 5.4.110 / 4.19.185 / 4.14.230 / 4.9.266 / 4.4.266. **Bug existed since 2.6.19 (2006).** Andy Nguyen's PGZ disclosure. | +| CVE-2017-7308 | AF_PACKET TPACKET_V3 integer overflow β†’ heap write-where | LPE (CAP_NET_RAW via userns) | mainline 4.11 / 4.10.6 (Mar 2017) | `af_packet` | 🟑 | Konovalov's TPACKET_V3 overflow + 200-skb spray + best-effort cred race. Offset table (Ubuntu 16.04/4.4 + 18.04/4.15) + `IAMROOT_AFPACKET_OFFSETS` env override for other kernels. x86_64-only; ARM returns PRECOND_FAIL. Branch backports: 4.10.6 / 4.9.18 / 4.4.57 / 3.18.49. 
| +| CVE-2022-0185 | legacy_parse_param fsconfig heap OOB β†’ container-escape | LPE (cross-cache UAF β†’ cred overwrite from rootless container) | mainline 5.16.2 (Jan 2022) | `fuse_legacy` | 🟑 | userns+mountns reach, fsopen("cgroup2") + double fsconfig SET_STRING fires the 4k OOB, msg_msg cross-cache groom in kmalloc-4k, MSG_COPY read-back detects whether the OOB landed in an adjacent neighbour. Stops before the m_ts overflow β†’ MSG_COPY arbitrary read chain (scaffold present, no per-kernel offsets). **Container-escape angle** β€” relevant to rootless docker/podman/snap. Branch backports: 5.16.2 / 5.15.14 / 5.10.91 / 5.4.171. | +| CVE-2023-3269 | StackRot β€” maple-tree VMA-split UAF | LPE (kernel R/W via maple node use-after-RCU) | mainline 6.4-rc4 (Jul 2023) | `stackrot` | 🟑 | Two-thread race driver (MAP_GROWSDOWN + mremap rotation vs fork+fault) with cpu pinning + 3 s budget; kmalloc-192 spray for anon_vma/anon_vma_chain; race-iteration + signal breadcrumb. Honest reliability note in module header: **~<1% race-win/run on a vulnerable kernel** β€” the public PoC averages minutes-to-hours and needs a much wider VMA staging matrix to be reliable. Useful as a "is the maple-tree path reachable here?" probe. Branch backports: 6.4.4 / 6.3.13 / 6.1.37. | +| CVE-2020-14386 | AF_PACKET tpacket_rcv VLAN integer underflow | LPE (heap OOB write via crafted frame) | mainline 5.9 (Sep 2020) | `af_packet2` | 🟑 | Sibling of CVE-2017-7308; tp_reserve underflow + sendmmsg skb spray + slab-delta witness. PRIMITIVE-DEMO scope (no cred overwrite). Branch backports: 5.8.7 / 5.7.16 / 5.4.62 / 4.19.143 / 4.14.197 / 4.9.235. Or Cohen's disclosure. Shares `iamroot-af-packet` audit key with CVE-2017-7308. | | CVE-TBD | Fragnesia (ESP shared-frag in-place encrypt) | LPE (page-cache write) | mainline TBD | `_stubs/fragnesia_TBD` | βšͺ | Stub. 
Per `findings/audit_leak_write_modprobe_backups_2026-05-16.md`, requires CAP_NET_ADMIN in userns netns β€” may or may not be in-scope depending on target environment. | ## Operations supported per module @@ -52,6 +61,19 @@ Symbols: βœ“ = supported, β€” = not applicable / no automated path. | dirty_frag_rxrpc | βœ“ | βœ“ | βœ“ (same family-wide) | βœ“ | βœ“ | | dirty_pipe | βœ“ | βœ“ | β€” (only fix is upgrade kernel) | βœ“ (evict page cache) | βœ“ (auditd + sigma) | | entrybleed | βœ“ | βœ“ (leak kbase) | β€” (no canonical patch) | β€” | βœ“ (sigma informational) | +| pwnkit | βœ“ | βœ“ | β€” (upgrade polkit) | βœ“ (workdir nuke) | βœ“ (auditd + sigma) | +| overlayfs | βœ“ | βœ“ | β€” (upgrade kernel) | β€” | βœ“ (auditd) | +| dirty_cow | βœ“ | βœ“ | β€” (upgrade kernel) | βœ“ (evict page cache) | βœ“ (auditd + sigma) | +| ptrace_traceme | βœ“ | βœ“ | β€” (upgrade kernel) | β€” | βœ“ (auditd) | +| cgroup_release_agent | βœ“ | βœ“ | β€” (mount cgroup ns) | β€” | βœ“ (auditd) | +| overlayfs_setuid | βœ“ | βœ“ | β€” (upgrade kernel) | β€” | βœ“ (auditd) | +| nf_tables | βœ“ | βœ“ (primitive) | β€” (upgrade kernel) | βœ“ (queue drain) | βœ“ (auditd) | +| cls_route4 | βœ“ | βœ“ (primitive) | β€” (upgrade kernel) | βœ“ (teardown + log unlink) | βœ“ (auditd) | +| netfilter_xtcompat | βœ“ | βœ“ (primitive) | β€” (upgrade kernel) | βœ“ (log unlink) | βœ“ (auditd) | +| af_packet | βœ“ | βœ“ (primitive) | β€” (upgrade kernel) | β€” | βœ“ (auditd, shared key) | +| af_packet2 | βœ“ | βœ“ (primitive) | β€” (upgrade kernel) | β€” | βœ“ (auditd, shared key) | +| fuse_legacy | βœ“ | βœ“ (primitive) | β€” (upgrade kernel) | βœ“ (queue drain) | βœ“ (auditd) | +| stackrot | βœ“ | βœ“ (race) | β€” (upgrade kernel) | βœ“ (log unlink) | βœ“ (auditd) | ## Pipeline for additions diff --git a/README.md b/README.md index d9cf385..c63781f 100644 --- a/README.md +++ b/README.md 
@@ -63,14 +63,24 @@ The same binary covers offense and defense: ## Status -**Active. Bootstrap phase as of 2026-05-16.** First module -(`copy_fail_family`) absorbed from the standalone DIRTYFAIL project -and is verified working end-to-end on Ubuntu 26.04 + Alma 9 + Debian -13 with full AppArmor bypass + container escape demo + persistent -backdoor mode. +**Active β€” v0.1.0 cut 2026-05-16.** Corpus covers **20 modules** +across the 2016 β†’ 2026 LPE timeline: -See [`CVES.md`](CVES.md) for the full curated CVE list with patch -status. See [`ROADMAP.md`](ROADMAP.md) for the next planned modules. +- 🟒 **13 modules land root** end-to-end on a vulnerable host + (copy_fail family Γ—5, dirty_pipe, entrybleed leak, pwnkit, + overlayfs CVE-2021-3493, dirty_cow, ptrace_traceme, + cgroup_release_agent, overlayfs_setuid CVE-2023-0386). +- 🟑 **7 modules fire the kernel primitive** (trigger + slab groom + + empirical witness) but stop short of the full cred-overwrite / + R/W chain β€” they return `EXPLOIT_FAIL` honestly rather than + fabricate per-kernel offsets. Useful as vuln-verification probes. + (af_packet, af_packet2, cls_route4, fuse_legacy, nf_tables, + netfilter_xtcompat, stackrot.) +- Detection rules ship inline (auditd / sigma / yara / falco) and + are exported via `iamroot --detect-rules --format=…`. + +See [`CVES.md`](CVES.md) for the per-CVE inventory + patch status. +See [`ROADMAP.md`](ROADMAP.md) for the next planned modules. ## Why this exists diff --git a/ROADMAP.md b/ROADMAP.md index 6b80017..4057cfb 100644 --- a/ROADMAP.md +++ b/ROADMAP.md 
@@ -133,31 +133,61 @@ primitive** that other modules can chain. Bundled because: - [ ] Idempotent re-run safety: copy_fail_family's apply is already idempotent (overwrites conf files). Re-verify per module. -## Phase 7+ β€” More modules (started 2026-05-16) +## Phase 7+ β€” More modules (started 2026-05-16, v0.1.0 cut 2026-05-16) -Backfill of historical and recent LPEs as time allows: +Backfill of historical and recent LPEs as time allows. + +**Landed in v0.1.0:** + +- [x] **CVE-2016-5195** β€” Dirty COW: 🟒 FULL Phil-Oester-style race. +- [x] **CVE-2017-7308** β€” AF_PACKET TPACKET_V3: 🟑 PRIMITIVE + (overflow + skb spray + cred-race attempt, no portable cred R/W). +- [x] **CVE-2019-13272** β€” PTRACE_TRACEME: 🟒 FULL jannh-style chain. +- [x] **CVE-2020-14386** β€” AF_PACKET tp_reserve: 🟑 PRIMITIVE-DEMO. +- [x] **CVE-2021-3493** β€” Ubuntu overlayfs userns: 🟒 FULL vsh-style. +- [x] **CVE-2021-4034** β€” Pwnkit: 🟒 FULL Qualys-style. +- [x] **CVE-2021-22555** β€” xt_compat heap-OOB: 🟑 PRIMITIVE (trigger + + msg_msg cross-cache groom + MSG_COPY witness, no + modprobe_path overwrite). +- [x] **CVE-2022-0185** β€” fsconfig 4k OOB: 🟑 PRIMITIVE (trigger + + cross-cache groom + neighbour-detect, no MSG_COPY arb-read + finisher). +- [x] **CVE-2022-0492** β€” cgroup_release_agent: 🟒 FULL universal + structural exploit (no offsets, no race). +- [x] **CVE-2022-2588** β€” cls_route4 dangling UAF: 🟑 PRIMITIVE + (tc/ip add+rm + msg_msg spray + classify drive, no cred chain). +- [x] **CVE-2023-0386** β€” overlayfs setuid copy-up: 🟒 FULL + distro-agnostic. +- [x] **CVE-2023-3269** β€” StackRot: 🟑 PRIMITIVE/RACE (driver + + groom; ~<1% race-win per run, honest in module header). +- [x] **CVE-2024-1086** β€” nf_tables verdict UAF: 🟑 PRIMITIVE + (hand-rolled nfnetlink, NFT_GOTO+DROP malformed verdict, + msg_msg kmalloc-cg-96 groom, no pipapo R/W chain). 
+ +**Carry-overs:** -- [ ] **CVE-2021-3493** β€” overlayfs nested-userns LPE -- [x] **CVE-2021-4034** β€” Pwnkit (pkexec env handling): 🟒 FULL detect - + exploit + cleanup. Detect handles legacy ("0.105") and modern - ("126") version strings. Exploit: canonical Qualys-style β€” writes - payload.c, compiles via target's gcc, builds gconv-modules cache, - execve(pkexec, NULL_argv, crafted_envp). Auto-refuses on patched - kernels. Cleanup removes /tmp/iamroot-pwnkit-* workdirs. - Falls back gracefully on hosts without cc. -- [ ] **CVE-2022-2588** β€” net/sched route4 dead UAF - [ ] **CVE-2023-2008** β€” vmwgfx OOB write -- [x] **CVE-2024-1086** β€” nf_tables UAF: πŸ”΅ detect-only landed - (2026-05-16). Branch-backport thresholds for 5.4 / 5.10 / 5.15 / - 6.1 / 6.6 / 6.7 plus mainline 6.8. Detect also probes - unprivileged user_ns clone availability β€” kernel-vulnerable hosts - with userns locked down get IAMROOT_PRECOND_FAIL (kernel still - needs patching but unprivileged-exploit path is closed). Full - Notselwyn-style exploit follows. - [ ] Fragnesia (if it lands as a CVE) - [ ] Anything we ourselves disclose β€” bundled AFTER upstream patch ships (responsible-disclosure-first) +## Phase 8 β€” Full-chain promotions (post v0.1.0) + +The 7 🟑 PRIMITIVE modules each stop one or two steps short of full +cred-overwrite. Promotion to 🟒 means landing the leak β†’ R/W β†’ +modprobe_path-or-cred-rewrite stage on at least one tracked kernel. +None requires fresh research β€” each has a public reference exploit; +the work is porting the per-kernel offset dance into a portable +shape compatible with IAMROOT's "no-fabricated-offsets" rule (most +likely as an env-var override table per distro+kernel, with offset +auto-resolve via System.map / kallsyms when accessible). + +Priority order: nf_tables (Notselwyn pipapo R/W), netfilter_xtcompat +(Andy Nguyen modprobe_path), af_packet (xairy sk_buff cred chase). 
+The other four are lower priority β€” fuse_legacy and cls_route4 have +narrower distro reach; af_packet2 piggybacks on af_packet; stackrot's +race window makes it inherently low-yield. + ## Non-goals - **No 0-day shipment.** Everything in IAMROOT is post-patch. diff --git a/iamroot.c b/iamroot.c index 363a313..aa2e27e 100644 --- a/iamroot.c +++ b/iamroot.c @@ -25,7 +25,7 @@ #include #include -#define IAMROOT_VERSION "0.1.0-phase1" +#define IAMROOT_VERSION "0.1.0" static const char BANNER[] = "\n"
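Review bot: in the CVES.md inventory hunk, two `First patched` cells are wrong. CVE-2022-2588 says "mainline 5.20 / 5.19.7"; there was no 5.20 release, the mainline after 5.19 was 6.0, so write "mainline 6.0 / 5.19.7". CVE-2023-0386 says "mainline 5.11 / 6.2-rc6 (Jan 2023)", but 5.11 is where upstream enabled unprivileged overlayfs mounts (the CVE-2021-3493 row on this same page says so), i.e. the start of the affected range rather than a fix; write "mainline 6.2-rc6 (Jan 2023), affected since 5.11". Two smaller things in the same hunk: the `cgroup_release_agent` row says "mount cgroup v1 RDP controller" (presumably the `rdma` controller) and calls the exploit universal without stating its cgroup v1 precondition; a host with a cgroup2-only hierarchy has no v1 controller to mount, so say whether the module returns PRECOND_FAIL there the way the userns-gated rows do. And the `overlayfs_setuid` row's "fuse-overlayfs userns trick" names a userspace project; if the module uses kernel overlayfs with a FUSE lower layer, say that instead.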
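Review bot: in the operations-matrix hunk, the Exploit column marks the seven PRIMITIVE modules as `✓ (primitive)` and `stackrot` as `✓ (race)`, yet the legend hunk above says exactly these modules return `EXPLOIT_FAIL`; the matrix symbol legend only defines ✓ and —, so a reader scanning the table takes ✓ as a root pop. Add a third symbol (or the word `partial`) for primitive-only and apply it to all seven, including `stackrot`, whose parenthetical should also read primitive for consistency. Minor: `cgroup_release_agent` uses `— (mount cgroup ns)` in the Mitigate column where every other new row uses `— (upgrade kernel)`; if a cgroup-namespace mitigation is automatable it should be ✓, otherwise spell out the manual step like the `dirty_pipe` row does.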
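Review bot: the README hunk's "13 modules land root end-to-end" bullet lists "entrybleed leak", which CVES.md in this same patch classes as INFO-LEAK (kbase) and describes as a stage-1 leak brick, so either count it separately (12 land root plus one leak primitive) or reword the bullet and the legend's "verified to land root" definition. The same hunk says rules ship as "auditd / sigma / yara / falco", but the operations matrix added to CVES.md lists only auditd and sigma for every module; drop yara/falco unless `--detect-rules --format=…` actually emits them. Finally, the removed paragraph carried the only verified-distro statement (Ubuntu 26.04, Alma 9, Debian 13); the replacement has none and the commit message only cites a clean build on 6.12.86, so keep a one-line "verified on" list.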
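Review bot: Phase 8's "offset auto-resolve via System.map / kallsyms when accessible" will not work from the unprivileged context these modules are gated on: `/proc/kallsyms` prints zeroed addresses without CAP_SYSLOG once `kptr_restrict` is 1 (the Ubuntu default), and Ubuntu keeps `/boot/System.map-*` readable by root only, so state that auto-resolve is a lab/root convenience and the env-var table is the unprivileged path. The same section should reconcile "no-fabricated-offsets" with the legend's "Per-kernel offsets deliberately not shipped": a per-distro+kernel table is shipped offsets, just measured rather than guessed, so define the rule as "only offsets verified on a named kernel, keyed by exact version string" and say what a promoted module returns on an unknown kernel (EXPLOIT_FAIL or PRECOND_FAIL), since that is the behaviour the PRIMITIVE legend promises.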