leviathan
fa0228df9b
build / build (clang / debug) (push) Waiting to run
build / build (clang / default) (push) Waiting to run
build / build (gcc / debug) (push) Waiting to run
build / build (gcc / default) (push) Waiting to run
build / sanitizers (ASan + UBSan) (push) Waiting to run
build / clang-tidy (push) Waiting to run
build / drift-check (CISA KEV + Debian tracker) (push) Waiting to run
build / static-build (push) Waiting to run
release / build (arm64) (push) Waiting to run
release / build (x86_64) (push) Waiting to run
release / build (x86_64-static / musl) (push) Waiting to run
release / build (arm64-static / musl) (push) Waiting to run
release / release (push) Blocked by required conditions
CVE metadata refresh:
- Added 8 entries to core/cve_metadata.c for the v0.8.0 + v0.9.0 module
CVEs. Two are CISA-KEV-listed:
- CVE-2018-14634 mutagen_astronomy (2026-01-26, CWE-190)
- CVE-2025-32463 sudo_chwoot (2025-09-29, CWE-829)
- Populated via direct curl when refresh-cve-metadata.py's Python urlopen
hung on CISA's HTTP/2 endpoint for ~55 min — same data, different
transport.
dirtydecrypt module bug fix:
- dd_detect() was wrongly gating 'predates the bug' on kernel < 7.0
- Per NVD CVE-2026-31635: bug entered at 6.16.1 stable; vulnerable
through 6.18.22 / 6.19.12 / 7.0-rc7; fixed at 6.18.23 / 6.19.13 / 7.0
- Fix: predates-gate now uses 6.16.1; patched_branches[] adds {6,18,23}
- Re-verified: dirtydecrypt now correctly returns VULNERABLE on mainline
6.19.7 instead of OK. Previously a false negative on real vulnerable
kernels.
Footer goes from '10 in CISA KEV' to '12 in CISA KEV'. Verified count
stays at 28 but dirtydecrypt's record is now a TRUE VULNERABLE match
(was OK match).
330 lines
11 KiB
C
330 lines
11 KiB
C
/*
|
|
* SKELETONKEY — verification records table
|
|
*
|
|
* AUTO-GENERATED by tools/refresh-verifications.py from
|
|
* docs/VERIFICATIONS.jsonl. Do not hand-edit; rerun the script.
|
|
*
|
|
* Source: tools/verify-vm/verify.sh appends one JSON record per
|
|
* run; this generator dedupes to (module, vm_box, kernel, expect)
|
|
* and keeps the latest by verified_at.
|
|
*/
|
|
|
|
#include "verifications.h"
|
|
|
|
#include <stddef.h>
|
|
#include <string.h>
|
|
#include <stdbool.h>
|
|
|
|
const struct verification_record verifications[] = {
|
|
{
|
|
.module = "af_packet",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "4.15.0-213-generic",
|
|
.host_distro = "Ubuntu 18.04.6 LTS",
|
|
.vm_box = "generic/ubuntu1804",
|
|
.expect_detect = "OK",
|
|
.actual_detect = "OK",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "af_packet2",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.4.0-169-generic",
|
|
.host_distro = "Ubuntu 20.04.6 LTS",
|
|
.vm_box = "generic/ubuntu2004",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "af_unix_gc",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.15.5-051505-generic",
|
|
.host_distro = "Ubuntu 22.04.3 LTS",
|
|
.vm_box = "generic/ubuntu2204",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "cgroup_release_agent",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.10.0-27-amd64",
|
|
.host_distro = "Debian GNU/Linux 11 (bullseye)",
|
|
.vm_box = "generic/debian11",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "cls_route4",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.15.0-43-generic",
|
|
.host_distro = "Ubuntu 20.04.6 LTS",
|
|
.vm_box = "generic/ubuntu2004",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "dirty_pipe",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.15.0-91-generic",
|
|
.host_distro = "Ubuntu 22.04.3 LTS",
|
|
.vm_box = "generic/ubuntu2204",
|
|
.expect_detect = "OK",
|
|
.actual_detect = "OK",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "dirtydecrypt",
|
|
.verified_at = "2026-05-24",
|
|
.host_kernel = "6.19.7-061907-generic",
|
|
.host_distro = "Ubuntu 22.04.3 LTS",
|
|
.vm_box = "generic/ubuntu2204",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "entrybleed",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.15.0-91-generic",
|
|
.host_distro = "Ubuntu 22.04.3 LTS",
|
|
.vm_box = "generic/ubuntu2204",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "fuse_legacy",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.10.0-27-amd64",
|
|
.host_distro = "Debian GNU/Linux 11 (bullseye)",
|
|
.vm_box = "generic/debian11",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "netfilter_xtcompat",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.10.0-27-amd64",
|
|
.host_distro = "Debian GNU/Linux 11 (bullseye)",
|
|
.vm_box = "generic/debian11",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "nf_tables",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.15.5-051505-generic",
|
|
.host_distro = "Ubuntu 22.04.3 LTS",
|
|
.vm_box = "generic/ubuntu2204",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "nft_fwd_dup",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.10.0-27-amd64",
|
|
.host_distro = "Debian GNU/Linux 11 (bullseye)",
|
|
.vm_box = "generic/debian11",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "nft_payload",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.15.0-43-generic",
|
|
.host_distro = "Ubuntu 20.04.6 LTS",
|
|
.vm_box = "generic/ubuntu2004",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "nft_pipapo",
|
|
.verified_at = "2026-05-24",
|
|
.host_kernel = "5.15.5-051505-generic",
|
|
.host_distro = "Ubuntu 22.04.3 LTS",
|
|
.vm_box = "generic/ubuntu2204",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "nft_set_uaf",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.15.5-051505-generic",
|
|
.host_distro = "Ubuntu 22.04.3 LTS",
|
|
.vm_box = "generic/ubuntu2204",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "overlayfs",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.4.0-169-generic",
|
|
.host_distro = "Ubuntu 20.04.6 LTS",
|
|
.vm_box = "generic/ubuntu2004",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "overlayfs_setuid",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.15.0-91-generic",
|
|
.host_distro = "Ubuntu 22.04.3 LTS",
|
|
.vm_box = "generic/ubuntu2204",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "pack2theroot",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "6.1.0-17-amd64",
|
|
.host_distro = "Debian GNU/Linux 12 (bookworm)",
|
|
.vm_box = "generic/debian12",
|
|
.expect_detect = "PRECOND_FAIL",
|
|
.actual_detect = "PRECOND_FAIL",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "ptrace_traceme",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "4.15.0-213-generic",
|
|
.host_distro = "Ubuntu 18.04.6 LTS",
|
|
.vm_box = "generic/ubuntu1804",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "pwnkit",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.4.0-169-generic",
|
|
.host_distro = "Ubuntu 20.04.6 LTS",
|
|
.vm_box = "generic/ubuntu2004",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "sequoia",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.4.0-169-generic",
|
|
.host_distro = "Ubuntu 20.04.6 LTS",
|
|
.vm_box = "generic/ubuntu2004",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "stackrot",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "6.1.10-060110-generic",
|
|
.host_distro = "Ubuntu 22.04.3 LTS",
|
|
.vm_box = "generic/ubuntu2204",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "sudo_chwoot",
|
|
.verified_at = "2026-05-24",
|
|
.host_kernel = "5.15.0-91-generic",
|
|
.host_distro = "Ubuntu 22.04.3 LTS",
|
|
.vm_box = "generic/ubuntu2204",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "sudo_runas_neg1",
|
|
.verified_at = "2026-05-24",
|
|
.host_kernel = "4.15.0-213-generic",
|
|
.host_distro = "Ubuntu 18.04.6 LTS",
|
|
.vm_box = "generic/ubuntu1804",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "sudo_samedit",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "4.15.0-213-generic",
|
|
.host_distro = "Ubuntu 18.04.6 LTS",
|
|
.vm_box = "generic/ubuntu1804",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "sudoedit_editor",
|
|
.verified_at = "2026-05-23",
|
|
.host_kernel = "5.15.0-91-generic",
|
|
.host_distro = "Ubuntu 22.04.3 LTS",
|
|
.vm_box = "generic/ubuntu2204",
|
|
.expect_detect = "PRECOND_FAIL",
|
|
.actual_detect = "PRECOND_FAIL",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "tioscpgrp",
|
|
.verified_at = "2026-05-24",
|
|
.host_kernel = "5.4.0-26-generic",
|
|
.host_distro = "Ubuntu 20.04.6 LTS",
|
|
.vm_box = "generic/ubuntu2004",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
{
|
|
.module = "udisks_libblockdev",
|
|
.verified_at = "2026-05-24",
|
|
.host_kernel = "6.1.0-17-amd64",
|
|
.host_distro = "Debian GNU/Linux 12 (bookworm)",
|
|
.vm_box = "generic/debian12",
|
|
.expect_detect = "VULNERABLE",
|
|
.actual_detect = "VULNERABLE",
|
|
.status = "match",
|
|
},
|
|
};
|
|
|
|
const size_t verifications_count =
|
|
sizeof(verifications) / sizeof(verifications[0]);
|
|
|
|
const struct verification_record *
|
|
verifications_for_module(const char *module, size_t *count_out)
|
|
{
|
|
if (count_out) *count_out = 0;
|
|
if (!module) return NULL;
|
|
const struct verification_record *first = NULL;
|
|
size_t n = 0;
|
|
for (size_t i = 0; i < verifications_count; i++) {
|
|
if (strcmp(verifications[i].module, module) == 0) {
|
|
if (first == NULL) first = &verifications[i];
|
|
n++;
|
|
}
|
|
}
|
|
if (count_out) *count_out = n;
|
|
return first;
|
|
}
|
|
|
|
bool verifications_module_has_match(const char *module)
|
|
{
|
|
size_t n = 0;
|
|
const struct verification_record *r = verifications_for_module(module, &n);
|
|
for (size_t i = 0; i < n; i++)
|
|
if (r[i].status && strcmp(r[i].status, "match") == 0)
|
|
return true;
|
|
return false;
|
|
}
|