Windows Kernel stack memory disclosure in win32k!NtGdiMakeFontDir(CVE-2017-8477)

We have discovered that the win32k!NtGdiMakeFontDir system call discloses large portions of uninitialized kernel stack memory to user-mode clients. The attached proof of concept code which is specific to Windows 7 32-bit works by first filling a large portion of the kernel stack with a controlled...