integer overflow in semget() allows root to write kernel memory.
vulners.com/securityvulns/securityvulns:doc:5086