FreeBSD Sysret Instruction Privilege Escalation Exploit

On Intel CPUs, a sysret to a non-canonical address causes a fault on the sysret instruction itself, after the stack pointer has been set to the guest value but before the current privilege level (CPL) is changed. FreeBSD is vulnerable to this issue because of insufficient sanity checks when returning from a system call. This module exploits the vulnerability and installs an agent with root privileges.
Exploit type: 
Platform: 
Vulnerability ID:
CVE-2012-0217
Product Version: 
12.3
Released Date: 
Thursday, July 5, 2012 - 00:00