Add kernel_rex_version for kernel parsing

[EclipseAditya]

Adds kernel_rex_version to Msf::Post::Linux::Kernel that extracts the upstream kernel version from uname -r and returns a Rex::Version. This replaces the split('-').first pattern duplicated across 15 modules that crashed with ArgumentError on distro-specific suffixes (Amazon Linux, Fedora, RHEL, SUSE, etc.).

• Modules now return CheckCode::Unknown instead of CheckCode::Safe when version can't be parsed
• Removes rescue ArgumentError band-aids added in guard Rex::Version.new against crashes on local modules #19813
• Fixes vmwgfx_fd_priv_esc boundary (> to >=) that excluded kernel 4.14.0
• Fixes cve_2021_3490 Fedora dead code (>= to > for 5.11.20)

Fixes #19855

Verification

• bundle exec rspec spec/lib/msf/core/post/linux/kernel_spec.rb
• Verify 34 examples, 0 failures
• bundle exec ruby msftidy.rb vmwgfx_fd_priv_esc.rb docker_cgroup_escape.rb modules/exploits/example_linux_priv_esc.rb
• Verify no new offenses
• grep -rn "Rex::Version.new.*kernel_release" modules/exploits/
• Verify zero matches (no module passes raw kernel_release to Rex::Version)
• Start msfconsole
• irb
• Rex::Version.new("4.14.355-275.572.amzn2.x86_64")
• Verify it raises ArgumentError (the original bug)
• Rex::Version.new("4.14.355-275.572.amzn2.x86_64".split('-').first)
• Verify returns Rex::Version "4.14.355" (what kernel_rex_version does)
• use exploit/linux/local/vmwgfx_fd_priv_esc
• Verify module loads without errors

[Copilot]

Pull request overview

This PR centralizes Linux kernel release parsing into a new kernel_rex_version helper (returning Rex::Version or nil) and updates multiple local Linux modules to use it, preventing Rex::Version crashes on distro-specific uname -r suffixes while making “unknown kernel version” checks report CheckCode::Unknown instead of Safe.

Changes:

• Add Msf::Post::Linux::Kernel#kernel_rex_version plus RSpec coverage for common distro uname -r formats and failure cases.
• Replace ad-hoc kernel_release.split('-').first parsing across affected modules with kernel_rex_version, returning CheckCode::Unknown when parsing fails.
• Adjust a couple of kernel boundary conditions and modernize one execution call to create_process for argument-safe process launching.

Impact Analysis:

• Blast radius: Medium — all modules/mixins that include Msf::Post::Linux::Kernel can now consume kernel_rex_version, and updated exploit checks will change behavior on previously unparseable releases.
• Data and contract effects: No schema/payload changes; behavior change is primarily CheckCode::Safe → CheckCode::Unknown for unparseable kernel releases, and standardized parsing to the upstream numeric portion.
• Rollback and test focus: Rollback is straightforward (revert helper + module callsites); highest-value validation is running module check across a spread of kernel release strings (Amazon/RHEL/Fedora/SUSE/Ubuntu) and running the new kernel spec.

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
spec/lib/msf/core/post/linux/kernel_spec.rb	Adds unit tests for kernel_rex_version across distro release formats and nil/blank/unparseable inputs.
lib/msf/core/post/linux/kernel.rb	Introduces kernel_rex_version helper to normalize uname -r into Rex::Version safely.
modules/exploits/linux/local/vmwgfx_fd_priv_esc.rb	Switches version parsing to kernel_rex_version and refines vulnerable range checks.
modules/exploits/linux/local/sock_sendpage.rb	Uses kernel_rex_version and returns CheckCode::Unknown when parsing fails.
modules/exploits/linux/local/rds_rds_page_copy_user_priv_esc.rb	Uses kernel_rex_version with explicit Unknown on parse failure.
modules/exploits/linux/local/ptrace_traceme_pkexec_helper.rb	Uses kernel_rex_version with explicit Unknown on parse failure.
modules/exploits/linux/local/nested_namespace_idmap_limit_priv_esc.rb	Uses kernel_rex_version with explicit Unknown on parse failure.
modules/exploits/linux/local/glibc_realpath_priv_esc.rb	Uses kernel_rex_version with explicit Unknown on parse failure.
modules/exploits/linux/local/docker_cgroup_escape.rb	Uses kernel_rex_version for short version parsing; converts extended parse failure to Unknown.
modules/exploits/linux/local/cve_2023_0386_overlayfs_priv_esc.rb	Uses kernel_rex_version and returns Unknown when parsing fails.
modules/exploits/linux/local/cve_2022_1043_io_uring_priv_esc.rb	Uses kernel_rex_version with explicit Unknown on parse failure.
modules/exploits/linux/local/cve_2022_0847_dirtypipe.rb	Uses kernel_rex_version and returns Unknown when parsing fails.
modules/exploits/linux/local/cve_2021_3490_ebpf_alu32_bounds_check_lpe.rb	Uses kernel_rex_version, fixes Fedora comparison boundary, and switches to create_process for execution.
modules/exploits/linux/local/bpf_sign_extension_priv_esc.rb	Uses kernel_rex_version with explicit Unknown on parse failure.
modules/exploits/linux/local/bpf_priv_esc.rb	Uses kernel_rex_version with explicit Unknown on parse failure.
modules/exploits/linux/local/apport_abrt_chroot_priv_esc.rb	Uses kernel_rex_version and returns Unknown when parsing fails.
modules/exploits/example_linux_priv_esc.rb	Updates example module to use kernel_rex_version and Unknown on parse failure.