The 5.70 ifhandle actually exists from 5.00 times. I posted it on IRC when I found out it was patched on 6.20. It's a race condition exploit where the input linked list is searched for kernel addresses. What you you do is:
[ Data #1 ]
[ Data #2 ]
Have two data structures and link #1 to #2 and then #2 back onto itself so you have a circular loop. Create a second thread and let it sleep for a second or two and let the creator call a chosen ifhandle function with this structure. Now, when the created thread resumes, Data #1 will have been checked for kernel addresses and now it's constantly checking #2. This is the easy part now, link #1 to NULL, add kernel addresses into #1 and then when you want the other thread to resume proper execution, just link #2 to NULL.
After that, the syscall thread will resume thinking it has checked for addresses but in reality, the list has kernel addresses and you can do what you want.
The bug is a design flaw in the module, really nice exploit, probably my favourite next to the other ifhandle one.
I'd show the code, but I dont have it handy, if anybody else does, feel free to show it.