Linux 2.x kernel sock_sendpage() local root exploit. It works on 2.4, 2.6, x86, x64, 4k stacks, 8k stacks, with/without cred framework, bypasses mmap_min_addr in any public way possible (auto-detecting which method to use).
085bb4412db15ce9acadc2e1a2519153ebf77890ac9c1ffc08873eb10d337f04