
Is it even exploitable in the real world?

Correct me if I'm wrong but you get 2 bytes of kernel data (potentially blank padding) and the same two bytes each time?



If the linker puts a pointer there, this would let you leak part of the pointer which could let you bypass kaslr. Not too likely for that to occur. If I were submitting this bug I would feel complete if they bought me a sandwich.


The bottom 2 bytes of a pointer contain two bits of the slide, assuming it's even a pointer into the kernelcache itself.

I'd take half a sandwich.


Little endianness considered harmful
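Added example, not from this thread or from any vendor code: a small C model of the two points made above, that the low two bytes of a slid kernel pointer carry only two bits of the slide, and that on a little-endian machine a two-byte read at the start of a stored pointer returns exactly those low bytes. All of the following are assumptions, not facts from the page: the slide is a multiple of 16 KiB (the page size arm64 Apple kernels use), the slide range of 4096 pages, the unslid address, and the helper names.

```c
/*
 * Assumptions (not taken from the thread):
 *  - the KASLR slide is a multiple of SLIDE_ALIGN (16 KiB), so the low
 *    14 bits of any kernel pointer equal those of the unslid address;
 *  - the slide is drawn from [0, SLIDE_RANGE), a range picked for this demo;
 *  - the attacker knows the unslid address from a copy of the kernelcache.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLIDE_ALIGN  0x4000ULL                 /* 16 KiB pages (assumption) */
#define SLIDE_RANGE  (0x4000ULL * 0x1000ULL)  /* 4096 candidate slides (assumption) */

/* How many slide bits survive in a leak of the low `leaked_bits` bits of a pointer. */
static unsigned slide_bits_in_low_bits(unsigned leaked_bits)
{
    unsigned align_bits = 0;
    while ((1ULL << align_bits) < SLIDE_ALIGN)
        align_bits++;                          /* 14 for 16 KiB alignment */
    return leaked_bits > align_bits ? leaked_bits - align_bits : 0;
}

/* Count the slides in [0, SLIDE_RANGE) consistent with a leaked low 16 bits. */
static uint64_t consistent_slides(uint64_t unslid, uint16_t leaked_low16)
{
    uint64_t count = 0;
    for (uint64_t slide = 0; slide < SLIDE_RANGE; slide += SLIDE_ALIGN) {
        if ((uint16_t)(unslid + slide) == leaked_low16)
            count++;
    }
    return count;
}

/* Pick a slide, compute what a 2-byte leak would show, count the slides left. */
static uint64_t simulate_leak(uint64_t unslid, uint64_t true_slide)
{
    uint16_t leaked = (uint16_t)(unslid + true_slide);
    return consistent_slides(unslid, leaked);
}

/* What a 2-byte over-read at the start of a stored pointer yields: the low
 * 16 bits on a little-endian host, the high 16 bits on a big-endian one. */
static uint16_t first_two_bytes_in_memory(uint64_t ptr)
{
    uint16_t out;
    memcpy(&out, &ptr, sizeof out);
    return out;
}

int main(void)
{
    uint64_t unslid = 0xFFFFFFF007004000ULL;   /* constructed unslid address */
    uint64_t true_slide = 0x4000ULL * 0x123;   /* constructed slide, 16 KiB multiple */

    printf("slide bits in low 16 bits: %u\n", slide_bits_in_low_bits(16));
    printf("slides consistent with leak: %llu of %llu\n",
           (unsigned long long)simulate_leak(unslid, true_slide),
           (unsigned long long)(SLIDE_RANGE / SLIDE_ALIGN));
    printf("first two bytes of stored pointer: 0x%04x\n",
           first_two_bytes_in_memory(unslid + true_slide));
    return 0;
}
```

Under these assumptions the leak narrows 4096 candidate slides to 1024, i.e. it removes two bits of entropy and no more, which is what the comment above describes. The gain is larger only if the leaked value is not a pointer into the kernelcache (a heap or stack pointer has different alignment) or if more than two bytes are exposed.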


Yeah, you could probably contrive a situation where you get more interesting information (page numbers maybe?), but it definitely doesn't seem likely to me.


Good to find the bug regardless! I appreciated the succinct and not overly dramatic write-up. I don't think anything significant was claimed other than the fact that it is a kernel bug (which is significant in itself, don't get me wrong).


You are correct. It's clearly a bug, but the impact in shipping kernels appears to be limited to "leaking" some non-sensitive data.



