DragonFlyBSD Kernel Audit
DF-0224

ksched_getparam leaves sched_priority uninitialized for non-RT procs -> kernel stack info leak

Summary

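ksched_getparam (lines 146-147) writes sched_priority only when RTP_PRIO_IS_REALTIME is true. For non-RT processes it returns 0 without writing the field. The caller, kern_p1003_1b.c, declares the variable uninitialized at line 227 and does an unconditional copyout at lines 244-245. The result is that 4 bytes of kernel stack are disclosed to an unprivileged user via sched_getparam(getpid(), &sp).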
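The pattern described above, as an added user-space model in C (not DragonFlyBSD source and not part of the original finding). The names sp_model, getparam_model, caller_vulnerable, caller_hardened and the STALE_STACK sentinel are hypothetical; the sentinel stands in for whatever the uninitialized stack slot would hold, and zeroing the local in the caller is an assumed fix, not one the finding prescribes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the 4-byte structure the finding refers to. */
struct sp_model { int32_t sched_priority; };

/* Constructed sentinel: plays the role of stale kernel stack contents. */
#define STALE_STACK ((int32_t)0x5AC0FFEE)

/* Models the callee: the field is written only on the realtime path,
 * yet the function reports success (0) on both paths. */
static int getparam_model(int is_realtime, int32_t rt_prio, struct sp_model *p)
{
    if (is_realtime)
        p->sched_priority = rt_prio;
    return 0;
}

/* Caller shape from the finding: local not initialized, copy-out unconditional.
 * The sentinel assignment makes "uninitialized" deterministic for this model. */
int32_t caller_vulnerable(int is_realtime, int32_t rt_prio)
{
    struct sp_model sp;
    int32_t user_view = 0;
    sp.sched_priority = STALE_STACK;
    getparam_model(is_realtime, rt_prio, &sp);
    memcpy(&user_view, &sp, sizeof(sp)); /* stands in for copyout() */
    return user_view;
}

/* Assumed fix: zero the local before the callee can skip writing it. */
int32_t caller_hardened(int is_realtime, int32_t rt_prio)
{
    struct sp_model sp;
    int32_t user_view = 0;
    memset(&sp, 0, sizeof(sp));
    getparam_model(is_realtime, rt_prio, &sp);
    memcpy(&user_view, &sp, sizeof(sp)); /* stands in for copyout() */
    return user_view;
}

int main(void)
{
    printf("non-RT, vulnerable: 0x%08x\n", (unsigned)caller_vulnerable(0, 0));
    printf("non-RT, hardened:   0x%08x\n", (unsigned)caller_hardened(0, 0));
    return 0;
}
```

The realtime path behaves identically in both callers; only the non-RT path, where the callee succeeds without writing, differs.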