# Per-Ticket Reproduction Policy

## Prior Evidence and Remaining Gap
- Prior run confirmed the vulnerability trigger with **observed_impact_class=oob_write** in **production_path**, but **claim_outcome=partial** due to **impact_mismatch** (claimed **privilege_escalation** not achieved). **exploit_chain_demonstrated=false**.
- The prior run reached end-to-end target but did **not** demonstrate privilege escalation; you must extend the chain to achieve the claimed impact.

### Starting Points From Prior Run (Not Yet Sufficient)
1. Inspect exploit sources under `$WORKDIR/project-cache/.../repo/rafaeldtinoco_security/exploits` (e.g., `sed -n '200,260p' ...`).
2. Run the provided repro script:
   - `chmod +x bundle/repro/reproduction_steps.sh`
   - `PRUVA_ROOT="$(pwd)" bundle/repro/reproduction_steps.sh 2>&1 | tee -a /tmp/repro_run1.log`
3. Review kernel/module config checks used previously (e.g., `grep -E 'CONFIG_CRYPTO_CBC|CONFIG_CRYPTO_AES|CONFIG_CRYPTO_CRYPTD' ...`, `grep -E 'CONFIG_MODULE_COMPRESS|CONFIG_ZSTD' ...`).

### Required Next Step (Gap)
- Modify/extend the exploit chain to **achieve local privilege escalation**, not just OOB write. Provide proof of escalated privileges (e.g., root shell or uid change) to satisfy the claim.