diff --git a/.gitignore b/.gitignore
index 173d34005d35a636040f99dd3ede382f441639b7..68bebfe9791d09e400ea42547bf290739ca689f5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,8 @@
 /buildroot-2018.02.6.tar.gz
 /linux-3.10.105
 /linux-3.10.105.tar.gz
+/linux-3.18.55
+/linux-3.18.55.tar.gz
 /linux-4.4.70
 /linux-4.4.70.tar.gz
 /linux-4.14.75
diff --git a/README.md b/README.md
index 1a2edc3514a334b088e768f473165298add47268..bc9765c5eeaffa2b0b0eb2173d4c5e0b736fb977 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,9 @@
 ### CVE-2017-8890
+Vulnerable kernel version:
+- 3.10.105
+- 3.18.55
+- 4.4.70
+
 vuln in inet_csk_clone_lock in net/ipv4/inet_connection_sock.c
 - https://elixir.bootlin.com/linux/v3.10.105/source/net/ipv4/inet_connection_sock.c#L674
diff --git a/compile.sh b/compile.sh
index d342151f2414c14125a36048185aa0d23c53a39b..55acaab70d45b00b0855e1d02e97553db4aa6d4d 100755
--- a/compile.sh
+++ b/compile.sh
@@ -3,6 +3,7 @@ SCRIPTDIR=$(dirname "$0")
 cd $SCRIPTDIR/busybox-1.29.3/_install/
+cp ../../rcS etc/init.d/rcS
 aarch64-linux-gnu-gcc ../../CVE-2017-8890_PoC.c -o CVE-2017-8890_PoC -static -pthread -O0
 aarch64-linux-gnu-gcc ../../test_ipv6_multicast.c -o test_ipv6_multicast -static -pthread -O0
 find . | cpio -o --format=newc > ../rootfs.img
diff --git a/rcS b/rcS
new file mode 100755
index 0000000000000000000000000000000000000000..25ef022e9214d911af789ca6c6acb5cfcc364493
--- /dev/null
+++ b/rcS
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+mount -t proc none /proc
+mount -t sysfs none /sys
+/sbin/mdev -s
+
+# enable localhost
+ip link set lo up
+# enable ethernet
+ip link set eth0 up
+# enable ipv6 over ipv4
+ip link set sit0 up
+
+# enable fake ipv4 multicast if eth0 is not available
+#ip route add 224.0.0.0/4 dev lo
+
+# this ipv6 variant does not work :(
+#ip route add ff00::/8 dev lo
diff --git a/run.sh b/run.sh
index 549201fa9a00d5acfc29b8d2cb5678a93375e9f7..c4a2cd7bccc6b4d303eeb22b1ca9ffe1172a73f7 100755
--- a/run.sh
+++ b/run.sh
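Review bot: The new `cp ../../rcS etc/init.d/rcS` in compile.sh assumes `etc/init.d` already exists under the busybox `_install` tree, and nothing in the hunk creates it or checks that the copy succeeded; if the directory is missing, `cp` fails, the script carries on (no `set -e` is visible, though the script's header lies outside the hunk) and `find . | cpio` packs a rootfs.img without the init script. Create the directory in the same step so the failure mode disappears: `mkdir -p etc/init.d && cp ../../rcS etc/init.d/rcS`. Every relative path after the preceding `cd` also depends on that `cd` having worked, so `cd ... || exit 1` on the existing line would make a wrong `SCRIPTDIR` visible instead of silently building in the wrong directory.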
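Review bot: In the new rcS, `ip link set eth0 up` and `ip link set sit0 up` run unconditionally, yet the comment above the `224.0.0.0/4` line already anticipates that eth0 may not be available; when the interface is absent (the run.sh qemu lines in this diff configure no network device explicitly, so eth0's existence depends on QEMU's defaults) `ip` prints an error at every boot and the script only continues because `sh` does not abort on a failed command. Guard each optional interface, e.g. `[ -d /sys/class/net/eth0 ] && ip link set eth0 up`; sysfs is mounted a few lines earlier, so the test is valid at that point, and the same guard fits `sit0`, which presumably exists only when the kernel has the sit tunnel built in. The two commented-out `ip route add` lines read as dead code; if they are kept as a record of what was tried, say so explicitly, e.g. `# tried and not used: multicast route on lo`.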
@@ -8,6 +8,8 @@ elif [ "$1" == "buildroot" ]; then
 qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-4.4.70/arch/arm64/boot/Image -initrd $SCRIPTDIR/buildroot-2018.02.6/output/images/rootfs.cpio -append "console=ttyAMA0 root=/dev/ram rdinit=/init" -s
 elif [ "$1" == "3.10" ]; then
 qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-3.10.105/arch/arm64/boot/Image -initrd $SCRIPTDIR/busybox-1.29.3/rootfs.img -append "console=ttyAMA0 root=/dev/ram rdinit=/linuxrc" -s
+elif [ "$1" == "3.18" ]; then
+    qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-3.18.55/arch/arm64/boot/Image -initrd $SCRIPTDIR/busybox-1.29.3/rootfs.img -append "console=ttyAMA0 root=/dev/ram rdinit=/linuxrc" -s
 elif [ "$1" == "4.4" ]; then
 qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-4.4.70/arch/arm64/boot/Image -initrd $SCRIPTDIR/busybox-1.29.3/rootfs.img -append "console=ttyAMA0 root=/dev/ram rdinit=/linuxrc" -s
 elif [ "$1" == "4.14" ]; then
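Review bot: The new `3.18` branch repeats the full `qemu-system-aarch64` command line with only the kernel path changed, as the `3.10`, `4.4` and buildroot branches already do, so any later flag change has to be applied in every branch. Have each branch set only what differs, `KERNEL=$SCRIPTDIR/linux-3.18.55/arch/arm64/boot/Image`, and run one shared `qemu-system-aarch64 ... -kernel "$KERNEL" ...` after `fi`; the if/elif chain begins and ends outside this hunk, and quoting `"$KERNEL"` and `"$SCRIPTDIR"` also removes the word-splitting the unquoted `$SCRIPTDIR` has today. As printed here the new command is indented four spaces while the neighbouring branches' commands are not; match whichever the file actually uses. The copied `-s` flag is shorthand for `-gdb tcp::1234`, and if I read QEMU's default correctly that listener is not restricted to loopback, so `-gdb tcp:127.0.0.1:1234` would keep the debug stub reachable only from the host.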