From 3136a9f960a46bf424dd8f5d10e1bc0dc2942cac Mon Sep 17 00:00:00 2001
From: deraadt
Date: Thu, 28 May 2026 17:24:32 +0000
Subject: [PATCH] unzero'd padding bytes in struct reg and struct fpreg (both machine dependent) leak kernel stack contents. from Andrew Griffiths at Calif
---
 sys/kern/exec_elf.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sys/kern/exec_elf.c b/sys/kern/exec_elf.c
index 972f38fd3fd..0caa506f8c5 100644
--- a/sys/kern/exec_elf.c
+++ b/sys/kern/exec_elf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exec_elf.c,v 1.197 2026/05/11 06:09:45 jsg Exp $ */
+/* $OpenBSD: exec_elf.c,v 1.198 2026/05/28 17:24:32 deraadt Exp $ */
 /*
 * Copyright (c) 1996 Per Fogelstrom
@@ -1554,6 +1554,7 @@ coredump_note_elf(struct proc *p, void *iocookie, size_t *sizep)
 notesize = sizeof(nhdr) + elfround(namesize) + elfround(sizeof(intreg));
 if (iocookie) {
+ memset(&intreg, 0, sizeof(intreg));
 error = process_read_regs(p, &intreg);
 if (error)
 return (error);
@@ -1573,6 +1574,7 @@ coredump_note_elf(struct proc *p, void *iocookie, size_t *sizep)
 #ifdef PT_GETFPREGS
 notesize = sizeof(nhdr) + elfround(namesize) + elfround(sizeof(freg));
 if (iocookie) {
+ memset(&freg, 0, sizeof(freg));
 error = process_read_fpregs(p, &freg);
 if (error)
 return (error);
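Review bot: The added `memset(&intreg, 0, sizeof(intreg));` keeps the padding zero only if the machine-dependent process_read_regs() fills the structure member by member. A whole-struct or sub-struct assignment inside it may rewrite padding bytes with unspecified values, so this is worth confirming per architecture; those implementations are not visible in this hunk. The same applies to `memset(&freg, 0, sizeof(freg));` before process_read_fpregs() in the PT_GETFPREGS hunk. A short comment at both sites would stop the call being removed later as redundant, e.g. `/* clear MD padding before the struct is written to the core file */`. coredump_note_elf's body starts and ends outside both hunks.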