DragonFlyBSD Kernel Audit
DF-0279

Kernel pointer leak via DIOCGETALTQ: bcopy of pf_altq exposes altq_disc

Summary

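The DIOCGETALTQ handler (:2088) calls bcopy(altq, &pa->altq, sizeof(pf_altq)), copying the whole pf_altq structure into the ioctl reply. The structure contains a void *altq_disc member, a kernel pointer, and it is copied unfiltered. The leaked address can be used as a KASLR bypass. Root-only, with ALTQ compiled in.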
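
The copy pattern above next to a sanitized variant, as an added userland example that is not DragonFlyBSD source. Only the altq_disc member and the whole-structure copy come from the finding; the struct layouts, the function names and the use of memcpy in place of bcopy are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for struct pf_altq: only altq_disc is taken from the
 * finding; the other fields are assumed for illustration. */
struct pf_altq_model {
    char      ifname[16];
    void     *altq_disc;   /* kernel-only discipline state pointer */
    unsigned  qid;
};

/* Stand-in for the ioctl argument (pa->altq in the finding). */
struct pfioc_altq_model { struct pf_altq_model altq; };

/* Pattern from the finding: whole-structure copy, pointer included. */
static void get_altq_unfiltered(const struct pf_altq_model *altq,
                                struct pfioc_altq_model *pa)
{
    memcpy(&pa->altq, altq, sizeof(pa->altq));
}

/* Hardened form: clear the kernel-only pointer before the reply leaves. */
static void get_altq_sanitized(const struct pf_altq_model *altq,
                               struct pfioc_altq_model *pa)
{
    memcpy(&pa->altq, altq, sizeof(pa->altq));
    pa->altq.altq_disc = NULL;
}

/* Constructed scenario: returns 1 if the reply still carries the pointer. */
static int demo(int sanitized)
{
    static int fake_disc_state;          /* stands in for kernel memory */
    struct pf_altq_model k = { "em0", &fake_disc_state, 1 };
    struct pfioc_altq_model reply;
    memset(&reply, 0, sizeof(reply));
    if (sanitized) get_altq_sanitized(&k, &reply);
    else           get_altq_unfiltered(&k, &reply);
    return reply.altq.altq_disc == (void *)&fake_disc_state;
}

int main(void)
{
    printf("unfiltered copy leaks pointer: %d\n", demo(0));
    printf("sanitized copy leaks pointer:  %d\n", demo(1));
    return 0;
}
```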