The 2010 Pwnie Nominee For Best Privilege Escalation Bug

Linux sock_sendpage NULL pointer dereference (CVE-2009-2692)

Credit: Tavis Ormandy and Julien Tinnes

In August 2009, Tavis and Julien discovered a very easily exploitable NULL pointer dereference bug that affected all Linux kernels since 2001. Their advisory led to highly reliable exploits for all popular architectures, including x86, x64, PPC and and ARM.