kernel read/write primitive. That said, for maximum reliability, if the PUAF exploit is repeatable (e.g. PhysPuppet and Landa), an attacker could instead obtain a PUAF primitive on a smaller number of pages, then attempt to get the kernel read/write primitive, and repeat the process as ...