FreeBSD Security Advisory – The read-only flag is not correctly copied when a mbuf buffer reference is duplicated. When the sendfile system call is used to transmit data over the loopback interface, this can result in the backing pages for the transmitted file being modified, causing data corruption.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/91745/FreeBSD-SA-10.07.mbuf.txt
Source: https://packetstormsecurity.com/files/91745/FreeBSD-Security-Advisory-mbuf-Flag-Data-Corruption.html