FreeBSD -- Uninitialized kernel stack leaks in several file systems
Several file systems were not properly initializing the d_off field
of the dirent structures returned by VOP_READDIR. In particular,
tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so.
As a result, eight uninitialized kernel stack bytes may be leaked to
userspace by these file systems. This problem is not present in
Additionally, msdosfs(5) was failing to zero-fill a pair of padding
fields in the dirent structure, resulting in a leak of three
Kernel stack disclosures may leak sensitive information which could
be used to compromise the security of the system.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright