diff --git a/FreeBSD/PS4 5.05 BPF Double Free Kernel Exploit Writeup.md b/FreeBSD/PS4 5.05 BPF Double Free Kernel Exploit Writeup.md index d2bc47f..2c4788f 100644 --- a/FreeBSD/PS4 5.05 BPF Double Free Kernel Exploit Writeup.md +++ b/FreeBSD/PS4 5.05 BPF Double Free Kernel Exploit Writeup.md @@ -81,7 +81,7 @@ static int bpf_setf(struct bpf_d *d, struct bpf_program *fp, u_long cmd) } ``` -We can see that there are variables on the stack to hold filter pointers, including one for the `old` filter which eventually gets free()'d. If the ioctl command is set to `BIOSETWF`, the pointer from `d->bd_wfilter` is copied to the `old` stack variable. +We can see that there are variables on the stack to hold filter pointers, including one for the `old` filter which eventually gets free()'d. If the ioctl command is set to `BIOCSETWF`, the pointer from `d->bd_wfilter` is copied to the `old` stack variable. Later on, we can see that they lock the BPF descriptor, and null the references to the filters. They lock the reference clearing, but what about the pointer of `d->bd_wfilter` being copied to the stack? As we've seen in previous exploits, multiple threads can run and use the same `bpf_d` object. If we were to race setting two filters in parallel, there's a chance that both threads will copy the same pointer to their kernel stacks, eventually resulting in a double free as both pointers will be processed.
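Review bot: the rename from `BIOSETWF` to `BIOCSETWF` in this hunk is correct; `BIOCSETWF` is the actual FreeBSD ioctl constant compared against `cmd` in the `bpf_setf()` listing shown in the hunk header, and the old spelling would send readers looking for a constant that does not exist. Since the unchanged context that follows keeps discussing the same write-filter path (`d->bd_wfilter` copied to the `old` stack variable), it is worth grepping the rest of the writeup for any remaining `BIOSETWF` occurrences outside this hunk so the identifier is spelled consistently in the same commit.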