Hi, a modification of the exploit that finds the address of sys_vmsplice in the kernel (using /proc/kallsyms) and replaces the first byte with a RET instruction (using mmap of /dev/kmem) is available at http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c -- Morten Hustveit