I tested on a fully up-to-date Debian 13 and the exploit works. The mitigation also works / confirmed.