[原文]The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call.
Multiple BSD kernfs lseek(2) Function Arbitrary Memory Disclosure
Local Access Required
Loss of Confidentiality
NetBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the lseek system call for the kernfs file system has insufficient bounds checking, which will disclose arbitrary memory information resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: download 'kernfs_vnops.c' from CVS, then rebuild and reinstall the kernel.