This exploit takes advantage of the same underflow as the original but takes a different approach. Instead of underflowing into userspace (which doesn't work on 64-bit systems and is a lot of work), the author underflows to some static values inside the kernel that are referenced as pointers to userspace. This method is pretty simple and seems to be reliable.
a995031b16200885fe411f974f79c2dcc6dedf5c9fb51e3bf3e91e4c579e74bb