FreeBSD versions 7.0 through 7.2 pseudofs null pointer dereference local exploit.
22f7237d83ef0a7ecbc6f409a5b2a8f85c968be8f991ec9d649f3b126b963114
FreeBSD versions 7.0 through 7.2 suffer from a pseudofs NULL pointer dereference vulnerability. Due to a spurious call to pfs_unlock() in pfs_getattr() (as defined in sys/fs/pseudofs/pseudofs_vnops.c), a null pointer is dereferenced after calling extattr_get_attribute() on pseudofs vnode. By allocating a page at address 0x0, an attacker can overwrite an arbitrarily chosen portion of kernel memory, leading to a crash or local root escalation.
a855fffa300b7f55f74d0715f967bca60e0020b4c7e86448ff0dcbf6e9626f3c
FreeBSD version 7.2 VFS/devfs race condition local root exploit.
0962dc609b578253e7a0077ff12df2f5ca748f4130b4878e9ea7f88748d745d0
FreeBSD version 6.4 pipeclose()/knlist_cleardel() race condition exploit that results in a NULL pointer dereference and runs code in kernel mode giving a root shell and escaping from jail.
ff5a5f20c66ed5ad7afaa75d4c20c068bb2ea0c34ba9b00106c522b3827ab739
FreeBSD versions 6.1 and below kqueue() NULL pointer dereference race condition local root exploit.
1954132bfa966f8b2f00fbd93282630ff392c376db14de7c34bfa84008a1c31b
Local root sock_sendpage() exploit for the Linux 2.x kernel. Versions 2.4.4 through 2.4.37.4 and 2.6.0 through 2.6.30.4 are affected.
f42dfe47cb863d9dbaea5fa4a84ad6b25e92ec217b82a576a639573e9e4f98ef