From 09e835b587bf71249775654061ae4c79e92cf430 Mon Sep 17 00:00:00 2001 From: cts <14918218+stong@users.noreply.github.com> Date: Tue, 19 May 2026 22:25:55 +0900 Subject: [PATCH] add video --- pintheft/README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pintheft/README.md b/pintheft/README.md index 6aaf964..88aada6 100644 --- a/pintheft/README.md +++ b/pintheft/README.md @@ -1,5 +1,7 @@ # PinTheft +https://github.com/user-attachments/assets/5d411fb7-24c3-49d6-b8f7-ae73f80300a9 + ## Abstract PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy @@ -7,7 +9,9 @@ double-free that can be turned into a page-cache overwrite through `io_uring` fixed buffers. PinTheft was discovered with [V12](https://v12.sh) by Aaron Esau of the -[V12 security team](https://x.com/v12sec). +[V12 security team](https://x.com/v12sec). We duped on this bug with some other teams +and a [patch](https://lore.kernel.org/netdev/20260505234336.2132721-1-achender@kernel.org/) is available +so we are releasing our PoC. > Want to find issues like this in your own code? Try V12 at [v12.sh](https://v12.sh). @@ -142,8 +146,6 @@ also handles kernels with `CONFIG_INIT_ON_ALLOC_DEFAULT_ON` by arranging for the target page to be populated after allocator zeroing and after the filesystem fills the page from disk. -A [patch](https://lore.kernel.org/netdev/20260505234336.2132721-1-achender@kernel.org/) is available. - Confirmed default exposure is limited by module availability. The required RDS module is default on Arch Linux, but not on most common distribution kernels we checked.
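Review bot: In the first hunk of pintheft/README.md (@@ -1,5 +1,7 @@), the line added under the `# PinTheft` title is a bare `https://github.com/user-attachments/assets/...` URL with no caption. Anyone reading the raw file, or a mirror that does not embed GitHub attachments, sees an unexplained link. Suggest a short line before it saying what the video shows. The subject "add video" also covers only this hunk, while the other two hunks change the disclosure text; either mention that in the commit message or split it into a second commit.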
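Review bot: In the second hunk (@@ -7,7 +9,9 @@), the added text "a [patch](https://lore.kernel.org/netdev/...) is available" links to a netdev mailing-list posting. That shows a fix was submitted, but not which kernel releases contain it. This sentence is now the stated reason for releasing the PoC, so suggest adding the fixing commit or the first fixed version once it is known. "We duped on this bug" is also team jargon; plainer wording, such as saying that other teams reported the same bug, would read better in an Abstract.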
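Review bot: In the third hunk (@@ -142,8 +146,6 @@), removing "A [patch](...) is available." leaves the paragraph that follows it ("Confirmed default exposure is limited by module availability. ...") with no pointer to the fix. That paragraph is where a reader checking whether they are affected will land. Suggest keeping a one-line reference to the patch there, or a pointer back to the Abstract where the link now lives.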