{
  "entrypoint_kind": "local_kernel_runtime",
  "entrypoint_detail": "Ubuntu mainline 7.0.9 vs 7.0.10 in QEMU; XFRM/ESP + netfilter TEE; dirtyclone exploit as uid 1000",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "qemu",
    "linux-7.0.9",
    "rootfs",
    "xfrm-esp",
    "netfilter-tee",
    "dirtyclone"
  ],
  "proof_artifacts": [
    "logs/qemu_vuln.log",
    "logs/qemu_fixed.log",
    "repro/runtime_manifest.json"
  ],
  "notes": "Page-cache write via TEE-cloned ESP-in-UDP skb; patched /usr/bin/su executed as uid 1000 yields root shell on vulnerable kernel, password prompt on fixed kernel."
}
