FreeBSD versions 7.0 through 7.2 suffer from a pseudofs NULL pointer dereference vulnerability. Due to a spurious call to pfs_unlock() in pfs_getattr() (as defined in sys/fs/pseudofs/pseudofs_vnops.c), a null pointer is dereferenced after calling extattr_get_attribute() on pseudofs vnode. By allocating a page at address 0x0, an attacker can overwrite an arbitrarily chosen portion of kernel memory, leading to a crash or local root escalation.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/93640/fbsdpseudofs-nullpointer.txt
Source: https://packetstormsecurity.com/files/93640/FreeBSD-7.0-7.2-pseudofs-NULL-Pointer-Dereference.html