{
  "entrypoint_kind": "local_only",
  "entrypoint_detail": "QEMU-booted Linux kernel FUSE readdir cache path; malicious FUSE daemon returns namelen=4095 dirent through getdents64 and corrupts /etc/passwd page cache as uid 1000",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "qemu-system-x86_64",
    "linux-kernel-non-KASAN",
    "fuse.ko",
    "ext4-rootfs",
    "busybox-init",
    "malicious-FUSE-daemon"
  ],
  "proof_artifacts": [
    "logs/reproduction_steps.log",
    "logs/qemu_lpe_vuln_attempt1.log",
    "logs/qemu_lpe_vuln_attempt2.log",
    "logs/qemu_lpe_fixed_attempt1.log",
    "logs/qemu_lpe_fixed_attempt2.log",
    "repro/fuse_passwd_lpe.c",
    "repro/fuse_passwd_lpe",
    "repro/fuse-nokasan-vuln.ko",
    "repro/fuse-nokasan-fixed.ko"
  ],
  "notes": "Confirmed: vulnerable non-KASAN kernel changed the page-cache first line of root-owned read-only /etc/passwd to root::0:0:x:.: as uid 1000; fixed module rejected the oversized dirent and left /etc/passwd unchanged."
}