DragonFlyBSD Kernel Audit
← dashboard
DF-0169

sysref_get has no refcount overflow guard

Summary

sysref_get (sysref2.h:68) atomic_add_int(&refcnt,1) unchecked. ~2^30 gets overflow INT_MAX -> negative -> _sysref_put KKASSERT panic or (no INVARIANTS) state corruption -> premature free/UAF. Infeasible: each ref consumes kernel memory, OOM first.