DF-0333
Kernel pointer leak to unprivileged users via in_pcblist_range xinpcb dump
Summary
in_pcblist_range(:2467-2471) bcopy entire struct inpcb (with ~12 kernel pointers: inp_hash/list/portlist links, inp_ppcb, inp_pcbinfo, inp_socket, inp_porthash, inp_phd, inp_options, inp_moptions, inp_route.ro_rt, inp_pf_sk) into xinpcb exported via CTLFLAG_RD pcblist sysctls. No privilege gate. Any unpriv: sysctl net.inet.udp.pcblist -> KASLR bypass + heap layout.