by ChocolateGod 512 days ago
Is it even exploitable in the real world?

Correct me if I'm wrong but you get 2 bytes of kernel data (potentially blank padding) and the same two bytes each time?

3 comments

If the linker puts a pointer there, this would let you leak part of the pointer which could let you bypass KASLR. Not too likely for that to occur. If I were submitting this bug I would feel complete if they bought me a sandwich.
The bottom 2 bytes of a pointer contain two bits of the slide, assuming it's even a pointer into the kernelcache itself.

I'd take half a sandwich.

Little endianness considered harmful
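The two comments above (two bits of slide in the bottom two bytes, and the remark about little endianness) can be checked with arithmetic. The following is an added example written for this thread, not code from the write-up being discussed or from any commenter. It assumes 8-byte pointers, a leak that returns the first two bytes of a pointer-sized slot, a KASLR slide that is a multiple of 16 KiB (granule shift 14), and an attacker who knows the unslid address from the kernelcache; every address and slide value in it is constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions (illustration only, not from the write-up under discussion):
 *  - pointers are 8 bytes and the leak returns the first two bytes of the slot;
 *  - the KASLR slide is a multiple of the 16 KiB page (granule shift 14);
 *  - the attacker knows the unslid address from the kernelcache.
 * All addresses and slides below are constructed values. */

#define PTR_BYTES           8u
#define LEAK_BYTES          2u
#define SLIDE_GRANULE_SHIFT 14u

/* How many bits of a granule-aligned slide fall inside the low `leak_bytes`
 * bytes of a pointer: bits below the granule shift are always zero. */
unsigned slide_bits_in_low_bytes(unsigned leak_bytes, unsigned granule_shift)
{
    unsigned leak_bits = leak_bytes * 8u;
    return leak_bits > granule_shift ? leak_bits - granule_shift : 0u;
}

/* Lay a 64-bit value out in memory in either byte order. */
void store_u64(uint64_t v, uint8_t out[PTR_BYTES], int little_endian)
{
    for (unsigned i = 0; i < PTR_BYTES; i++) {
        unsigned shift = little_endian ? 8u * i : 8u * (PTR_BYTES - 1u - i);
        out[i] = (uint8_t)(v >> shift);
    }
}

/* What a 2-byte over-read at the start of a pointer slot hands back,
 * as a 16-bit value in the pointer's own byte order. */
uint16_t first_two_bytes(uint64_t ptr, int little_endian)
{
    uint8_t mem[PTR_BYTES];
    store_u64(ptr, mem, little_endian);
    return little_endian ? (uint16_t)(mem[0] | (mem[1] << 8))
                         : (uint16_t)((mem[0] << 8) | mem[1]);
}

/* Attacker side: with the unslid address known, the low 16 bits of the
 * slide are (leak - unslid) mod 2^16; only the bits at or above the
 * granule shift carry entropy. Returns the recovered slide bits. */
unsigned recover_slide_bits(uint64_t unslid, uint64_t slide)
{
    uint16_t leak  = first_two_bytes(unslid + slide, 1);
    uint16_t delta = (uint16_t)(leak - (uint16_t)unslid); /* wraps mod 2^16 */
    unsigned nbits = slide_bits_in_low_bytes(LEAK_BYTES, SLIDE_GRANULE_SHIFT);
    return (delta >> SLIDE_GRANULE_SHIFT) & ((1u << nbits) - 1u);
}

int main(void)
{
    uint64_t unslid = 0xFFFFFFF00700C000ULL; /* constructed */
    uint64_t slide  = 0x000000001D2A8000ULL; /* constructed, 16 KiB aligned */

    printf("slide bits exposed by a %u-byte leak: %u\n", LEAK_BYTES,
           slide_bits_in_low_bytes(LEAK_BYTES, SLIDE_GRANULE_SHIFT));
    printf("little-endian leak: 0x%04x -> slide bits 14..15 = %u (true %u)\n",
           first_two_bytes(unslid + slide, 1), recover_slide_bits(unslid, slide),
           (unsigned)((slide >> SLIDE_GRANULE_SHIFT) & 3u));
    printf("big-endian leak:    0x%04x (fixed high bits, no slide bits)\n",
           first_two_bytes(unslid + slide, 0));
    return 0;
}
```

With a little-endian layout the first two bytes are the low 16 bits of the pointer, of which bits 14 and 15 are the only ones the slide can change, so the leak costs two bits of KASLR entropy and nothing more. With a big-endian layout the same over-read would return the top two bytes, which for a kernel address are fixed high bits and expose no slide bits at all. A 64 KiB slide granule would reduce the little-endian leak to zero useful bits as well.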
Yeah, you could probably contrive a situation where you get more interesting information (page numbers maybe?), but it definitely doesn't seem likely to me.
Good to find the bug regardless! I appreciated the succinct and not overly dramatic write-up. I don't think anything significant was claimed other than the fact that it is a kernel bug (which is significant in itself don't get me wrong).
You are correct. It's clearly a bug, but the impact in shipping kernels appears to be limited to "leaking" some non-sensitive data.