defend rms!
https://libreboot.org/news/rms.html
out-of-tree (https://github.com/jollheef/out-of-tree) has been integrated to Linux Kernel Runtime Guard.
Now you can use the upstream repository (http://github.com/openwall/lkrg) for [[preload]] section in .out-of-tree.toml to check exploits against it.
Aside from exploitation, now you can build an LKRG module for the target system without pain :)
Here are results of testing exploits from https://github.com/jollheef/lpe with the LKRG by Openwall (https://www.openwall.com/lkrg/)
For unprepared (no code to bypass LKRG) exploits it actually works well. Only CVE-2016-5195 (aka Dirty COW) still works.
out-of-tree v1.4.0 has been released: https://github.com/jollheef/out-of-tree/releases/tag/v1.4.0
Added ability to preload any supported kernel module just by a URL. It can be used to develop new mitigations and test existing exploits against them.
Checkout example of usage with LKRG here: https://github.com/jollheef/out-of-tree/blob/master/examples/preload/.out-of-tree.toml