[Bug 295522] kcmp comparison results le ak kernel object address ordering (informatio nal — no KASLR)

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 23 May 2026 14:40:27 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295522

            Bug ID: 295522
           Summary: kcmp comparison results leak kernel object address
                    ordering (informational — no KASLR)
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: cs.lee@opcia.kr

Reclassified per secteam guidance — originally reported to secteam@FreeBSD.org.

The kcmp subsystem in sys/kern/sys_generic.c returns comparison results that
can
be used to reconstruct partial address ordering of kernel objects through
repeated
comparisons.

Since FreeBSD does not implement KASLR and kernel addresses are already
accessible
through multiple existing channels (/dev/kmem, sysctl, kldstat, etc.), this has
no
current security impact. Filed as an informational note.

If FreeBSD implements KASLR in the future, this interface should be reviewed to
prevent address ordering leakage.

-- 
You are receiving this mail because:
You are the assignee for the bug.