DragonFlyBSD Kernel Audit
DF-0247

cpuid bounds check is KASSERT-only — compiled out in production kernels

Summary

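cpuhelper_domsg() (lines 102-108) indexes cpuhelper[cpuid] with a KASSERT (line 106) as its only guard. KASSERT is compiled out when the kernel is built without INVARIANTS (systm.h:117-118), so an out-of-range cpuid leads to an out-of-bounds array access and then a dereference of a garbage pointer. This is a kernel-internal API and is not directly reachable by unprivileged callers.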
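The pattern in this finding, as an added userspace model that is not DragonFlyBSD source: the KASSERT macro here is a stand-in that expands to nothing without INVARIANTS, and model_domsg() shows one possible hardening, a range check written as ordinary code. MODEL_NCPUS, model_queued, kassert_is_active and model_domsg are hypothetical names, and returning EINVAL is an assumption about how a caller would want the error reported.

```c
/* Userspace model with constructed names; not DragonFlyBSD source. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MODEL_NCPUS 4   /* assumed CPU count for this model */

/* Model of the macro: without INVARIANTS the check expands to nothing. */
#ifdef INVARIANTS
#define KASSERT(exp, msg) do { if (!(exp)) abort(); } while (0)
#else
#define KASSERT(exp, msg) do { } while (0)
#endif

static int model_queued[MODEL_NCPUS];   /* hypothetical per-CPU state */

/* Returns 1 only if KASSERT actually evaluates its expression. */
static int
kassert_is_active(void)
{
    int evaluated = 0;
    KASSERT((evaluated = 1), ("probe"));
    return evaluated;
}

/* Hardened form: the range check is ordinary code, present in every build. */
static int
model_domsg(int cpuid)
{
    KASSERT(cpuid >= 0 && cpuid < MODEL_NCPUS, ("bad cpuid")); /* debug aid */
    if (cpuid < 0 || cpuid >= MODEL_NCPUS)
        return EINVAL;          /* reject before the array is indexed */
    model_queued[cpuid]++;
    return 0;
}

int
main(void)
{
    printf("KASSERT active: %d\n", kassert_is_active());
    printf("cpuid 0 -> %d, cpuid %d -> %d\n",
        model_domsg(0), MODEL_NCPUS, model_domsg(MODEL_NCPUS));
    return 0;
}
```

Building the same file with -DINVARIANTS makes kassert_is_active() return 1 and turns an out-of-range cpuid into an abort, which is the debug-only behaviour the finding describes.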