PlayStation: Double fdrop on a socket through sys_netcontrol

The netcontrol syscall in the kernel had a vulnerability where the socket file descriptor was not properly validated when removing a socket from a netevent structure. This allowed an attacker to cause a double fdrop on a socket, potentially leading to a use-after-free condition...

CVE-2003-1234

Integer overflow in the fcount counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service crash and possibly execute arbitrary code via multiple calls to 1 fpathconf and 2 lseek, which do not properly decrement fcount through a call to fdrop...