DF-0278
Kernel pointer leak via DIOCGETADDR: bcopy of pf_pooladdr exposes pfi_kif*
Summary
DIOCGETADDR(:2220) bcopy(pa,&pp->addr,sizeof(pf_pooladdr)). Contains pfi_kif* and TAILQ_ENTRY pointers. pf_addr_copyout only scrubs addr not linkage. KASLR bypass. Root-only.