{
  "claim_outcome": "confirmed",
  "claim_block_reason": null,
  "repro_result": "confirmed_variant_not_bypass",
  "variant_confirmed": true,
  "bypass": false,
  "validated_surface": "cli_local",
  "evidence_scope": "production_path",
  "claimed_impact_class": "other",
  "observed_impact_class": "other",
  "exploitability_confidence": "medium",
  "attacker_controlled_input": "container image rootfs where /dev is a relative or absolute symlink to a directory outside the rootfs",
  "trigger_path": "CLI -> libcontainer.prepareRootfs -> doSetupDev -> setupPtmx / setupDevSymlinks",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": true,
  "exploit_chain_demonstrated": false,
  "blocking_mitigation": "fd-based /dev setup in runc 1.3.6 (commits a8e53f2c / 864db8042dbb) prevents path-based symlink following",
  "inferred": false,
  "distinct_variants_confirmed": ["relative_dev_symlink", "create_start_entrypoint"],
  "distinct_variants_ruled_out": ["pts_symlink"]
}
