DragonFlyBSD Kernel Audit
DF-0092

sysctl_rman leaks 4 bytes uninitialized kernel stack via struct u_resource trailing padding

Summary

In sysctl_rman, struct u_resource ures is declared on the stack without an initializer (subr_rman.c:654). Only its named fields are set (:702-720). On amd64 the last member, r_flags (u_int), sits at offset 72, and because the struct's alignment is 8, sizeof is padded to 80, leaving 4 trailing padding bytes. SYSCTL_OUT then copies sizeof = 80 bytes, including those 4 uninitialized stack bytes (:722).

hw.bus.rman is CTLFLAG_RD and readable by unprivileged users. Each resource entry leaks 4 bytes of stale kernel stack: a KASLR bypass.

struct u_rman (:653) has no padding (sizeof = 64) and is not affected.

Fix: struct u_resource ures={};.
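The layout arithmetic above, as an added user-space illustration (not code from subr_rman.c or from the audit). struct demo_resource, PUT and the 0xA5 stale pattern are constructed; the member list only mirrors the quoted offsets, and memset stands in for the zeroing fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5  /* constructed stand-in for old kernel stack contents */
/* Constructed mirror of the layout in the summary, not the kernel header. */
struct demo_resource {
    uint64_t     r_handle, r_parent, r_device;
    char         r_devname[32];
    uint64_t     r_start, r_size;
    unsigned int r_flags;   /* offset 72, then 4 bytes of tail padding */
};
#define REC_SIZE sizeof(struct demo_resource)
/* Write exactly one member's bytes, as a named-field assignment does. */
#define PUT(buf, m, src) memcpy((buf) + offsetof(struct demo_resource, m), \
                                (src), sizeof(((struct demo_resource *)0)->m))

/* Bytes after the last member that no named-field store ever writes. */
size_t tail_padding(void)
{
    return REC_SIZE - offsetof(struct demo_resource, r_flags) - sizeof(unsigned int);
}

/* One iteration: fill all members, copy sizeof bytes out, count stale bytes. */
size_t leaked_bytes(int zero_first)
{
    unsigned char slot[REC_SIZE], out[REC_SIZE];
    uint64_t v = 0x1000; unsigned int flags = 1;
    char name[32] = "demo0";            /* whole array written, so only padding is at issue */
    size_t i, n = 0;
    memset(slot, STALE, REC_SIZE);      /* what the stack held before */
    if (zero_first)
        memset(slot, 0, REC_SIZE);      /* hardened: clear the whole object */
    PUT(slot, r_handle, &v); PUT(slot, r_parent, &v); PUT(slot, r_device, &v);
    PUT(slot, r_devname, name);
    PUT(slot, r_start, &v); PUT(slot, r_size, &v); PUT(slot, r_flags, &flags);
    memcpy(out, slot, REC_SIZE);        /* full-size copy-out to the reader */
    for (i = 0; i < REC_SIZE; i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("sizeof=%zu tail=%zu leaked: unzeroed=%zu zeroed=%zu\n",
           REC_SIZE, tail_padding(), leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

The same subtraction used in tail_padding works as a review check for any struct that is copied out with sizeof: a nonzero result means the object must be cleared before its fields are filled.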