Oracle Solaris 11 Device Driver Utility version 1.3.1 suffers from an insecure use of /tmp that can allow for a race condition which leads to privilege escalation. Included exploit provides a root shell.
ab9f7d499e25ee29f512a1665d6b70ae126fc6bd0318afb737ac4598bbd67bee