Sorry, I should've elaborated a bit more.

In some ICMP IPOPT_TS cases the return code was garbage computation, and happened to leak 1 byte of kernel address space.
This was reported by Xint Code. The fix was inspired by FreeBSD https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=30982

On Thu, Apr 16, 2026 at 09:29:42AM -0600, Job Snijders wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: [email protected] 2026/04/16 09:29:42
>
> Modified files:
> sys/netinet : ip_input.c
>
> Log message:
> Don't mix heap and stack pointers in offset calculation
>
> OK canacar@ claudio@ deraadt@
>
