In 2009 there were 110 Linux kernel vulns released. Think about it - that's an average of about two a week. This is your phone, your TV, your in-car entertainment system.
Finding these bugs isn't hard. Go and download the source tree and search through for strcpy, then trace it back to the function and see where it's used. Then try the same for kfree, kmalloc and vmalloc.
You don't even have to download the code for this. Here's an strcpy search on FreeBSD: http://fxr.watson.org/fxr/search?string=strcpy
Once you have one of these functions you can chart the call path and data structures back to something a user can control. Once you have that, you're in with a good chance of getting a working exploit.
For those that are interested in learning how to write exploit code, I'd highly recommend The Shellcoder's Handbook - http://www.amazon.co.uk/Shellcoders-Handbook-Discovering-Exp...
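An added example, not part of the comment above or of any project's code: a heuristic Python triage script for auditing your own tree, which lists each call to the functions named above together with the function that contains it, so the call path can be reviewed. The C sample and the names `find_call_sites`, `strip_comments` and `SAMPLE` are constructed for illustration, and kernel-style definitions (opening brace on its own line) are assumed.

```python
import re

# Functions the comment above suggests searching for.
RISKY = ("strcpy", "kfree", "kmalloc", "vmalloc")
CALL_RE = re.compile(r"\b(%s)\s*\(" % "|".join(RISKY))
# Heuristic: at brace depth 0, "name(args)" not ending in ';' starts a definition.
FUNC_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\([^;{}]*\)\s*\{?\s*$")

# Constructed sample input, not taken from any real source tree.
SAMPLE = r'''
/* strcpy(x, y) inside a comment must not be reported */
static int set_label(struct dev *d, const char *user_buf)
{
    char label[16];
    strcpy(label, user_buf);    /* unbounded copy into a fixed buffer */
    return 0;
}

static void release_dev(struct dev *d)
{
    if (d->buf) {
        kfree(d->buf);
    }
    kfree(d);
}
'''

def strip_comments(src):
    """Blank out C comments but keep newlines so line numbers stay valid."""
    blank = lambda m: re.sub(r"[^\n]", " ", m.group(0))
    return re.sub(r"/\*.*?\*/|//[^\n]*", blank, src, flags=re.S)

def find_call_sites(src):
    """Return (line, enclosing_function, callee) for every risky call."""
    hits, depth, current = [], 0, None
    for no, line in enumerate(strip_comments(src).splitlines(), 1):
        if depth == 0:
            m = FUNC_RE.search(line)
            if m:
                current = m.group(1)
        else:
            hits += [(no, current, c.group(1)) for c in CALL_RE.finditer(line)]
        depth += line.count("{") - line.count("}")
    return hits

if __name__ == "__main__":
    for no, func, callee in find_call_sites(SAMPLE):
        print(f"line {no}: {callee}() called in {func}()")
```

Each hit is only a starting point for review: the `strcpy` into the 16-byte `label` is flagged because nothing in `set_label` bounds the length of `user_buf`, and a bounded copy with an explicit size check is the usual fix.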
This shellcoder handbook is good...
http://www.amazon.com/Shellcoders-Handbook-Discovering-Explo...
And articles such as this one by Steve Hanna
http://www.vividmachines.com/shellcode/shellcode.html
and this one by Aleph One on Phrack,
http://phrack.org/issues/49/14.html
(by the way, many articles on Phrack are really good)
Some more recent versions of smashing the stack are,
http://www.mgraziano.info/docs/stsi2010.pdf
https://paulmakowski.wordpress.com/2011/01/25/smashing-the-s...
Also check out the ezines by 29A -- they are old, but you know, some good stuff is still really good today...
Just do a little search... there are tons of articles out there on this topic...