Apparently there is a workaround for high uptime systems:
sysctl -w vm.legacy_va_layout=1
No need for emergency patch / reboot; this stops the attack cold until you can reboot in a more scheduled manner.
From https://access.redhat.com/security/cve/cve-2017-1000253
Biting the hand that feeds IT
