FreeBSD versions 11.0 through 13.0 suffers from a local
privilege escalation vulnerability via an aio_aqueue kernel
refcount bug. This research post goes into great depth on how the
researcher traversed the logic flow and achieved
exploitability.
Read more https://packetstormsecurity.com/files/168105/freebsd-escalate.pdf