diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -2790,7 +2790,7 @@
 bool (*cb)(const Elf_Note *, void *, bool *), void *cb_arg)
 {
 const Elf_Note *note, *note0, *note_end;
- const char *note_name;
+ const char *note_name, *note_desc;
 char *buf;
 int i, error;
 bool res;
@@ -2843,6 +2843,10 @@ (const char *)note_end || strncmp(note_vendor, note_name, checknote->n_namesz) != 0) goto nextnote; + note_desc = note_name + roundup2(note->n_namesz, + ELF_NOTE_ROUNDSIZE); + if (note_desc + note->n_descsz > (const char *)note_end) + goto nextnote; if (cb(note, cb_arg, &res)) goto ret;
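Review bot: The new bound in the second hunk, `if (note_desc + note->n_descsz > (const char *)note_end)`, compares in pointer space, so a large `n_descsz` read from the file can carry `note_desc + note->n_descsz` beyond the buffer before the test runs (undefined behaviour, and a possible wrap on 32-bit targets). `roundup2()` may also have moved `note_desc` itself past `note_end`. Comparing lengths avoids both: `if (note_desc > (const char *)note_end || note->n_descsz > (size_t)((const char *)note_end - note_desc)) goto nextnote;`. If `n_descsz` is already pinned to a trusted value earlier in the loop this is hardening rather than a live bug, but that check is outside the hunk, as are the start and end of the function. A short comment above the check, e.g. `/* Reject notes whose descriptor would extend past the end of the notes buffer. */`, would record why it is there.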