Leaking two random bytes and in some cases just padding bytes to user space is not the end of the world and I don't get why there are so many negative comments blaming Apple for not handing out a handsome bounty for this bug.
It's still a security bug. Often, multiple bugs like this are chained together to create one very nasty exploit. I agree that this bug probably does not deserve a massive payout, but I think $3,000-5,000$ is appropriate.