In 2002 I submitted a number of exploitable conditions in the OpenBSD Kernel. These conditions required specific hardware or kernel options to be exploitable.
It is strange that they were never fully disclosed by OpenBSD, and are not part of the security bug list they show on their site.
For the record, I think OpenBSD do a good job. And from looking at the list of security bugs they disclose, seem not overly secretive. Theo DeRaadt responded to my bug report within seconds of me having sent it, so they take seriously the nature of such reports. I am sure that other kernel bugs are present, as kernel auditing on the opensource platforms has not received an enormous amount of attention.