The UDEREF feature of PaX prevents the kernel from accessing userland memory directly and has
been doing so for 2 years now, close to a year before the vulnerability class ever became
public. It makes use of segmentation on x86 to accomplish this, so due to Linus' rules it
will never be accepted into the mainline kernel.