CVE-2009-2649 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2649): The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value.
*** This bug has been marked as a duplicate of bug 277662 ***