The Discovery and Exploitation of CVE-2022-25636 (nickgregory.me)
100 points by eatonphil on March 12, 2022 | hide | past | favorite | 3 comments


Interesting detective work. I really wonder how in this modern era people still write in a language that's so easy to screw up. I started writing C in late 1984 but have zero desire to ever even see it again. Today I do Swift, but if I were writing an OS, Rust makes way more sense than C (which I hear is coming in Linux). Debugging broken C code seemed to often come down to tripping through memory not yours because you miscounted something. In my commercial memory allocator in the '90s I had a lot of features to catch such over/under/mis-writes, but it seems better to have the language not even let you screw up in this way, rather than try to catch it in a runtime test.


For those who look at the comments first, here's the first paragraph to give you context.

"A few weeks ago, I found and reported CVE-2022-25636 - a heap out of bounds write in the Linux kernel. The bug is exploitable to achieve kernel code execution (via ROP), giving full local privilege escalation, container escape, whatever you want."
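An added illustration of the bug class the quoted paragraph names, a heap out-of-bounds write driven by a count the code trusts. This is not code from the article, the kernel, or the CVE-2022-25636 fix; it is a constructed userland analogue in C. The extra word after the array stands in for whatever object the allocator happened to place next to it, which is what makes such a write useful to an attacker. The names (`fill_unchecked`, `fill_checked`, `neighbour_survives`) and the constants are assumptions for this example.

```c
#include <stdlib.h>
#include <stdio.h>

#define SLOTS 4                     /* size of the array the code is meant to fill */
#define NEIGHBOUR_MAGIC 0xC0FFEEu   /* constructed marker for the adjacent heap object */

/* Vulnerable pattern: trusts a caller-supplied count (in the kernel this
 * would arrive from a userspace message) and never compares it to the
 * allocation size, so i == SLOTS writes into the neighbouring object. */
void fill_unchecked(unsigned int *slots, unsigned int count, unsigned int value)
{
    for (unsigned int i = 0; i < count; i++)
        slots[i] = value;
}

/* Hardened pattern: the caller passes the allocation size and any count
 * larger than it is rejected before a single write happens.
 * Returns 0 on success, -1 when the count is rejected. */
int fill_checked(unsigned int *slots, unsigned int nslots,
                 unsigned int count, unsigned int value)
{
    if (count > nslots)
        return -1;
    for (unsigned int i = 0; i < count; i++)
        slots[i] = value;
    return 0;
}

/* Runs one scenario: allocate SLOTS entries plus one trailing word that
 * plays the role of the next heap object, fill with `count`, and report
 * whether that neighbour survived. Returns 1 if intact, 0 if corrupted,
 * -1 if the scenario cannot be run safely. */
int neighbour_survives(unsigned int count, int use_check)
{
    /* The unchecked path is only demonstrated up to one word past the
     * array, so the write stays inside the constructed region. */
    if (!use_check && count > SLOTS + 1)
        return -1;

    unsigned int *region = malloc((SLOTS + 1) * sizeof *region);
    if (!region)
        return -1;
    region[SLOTS] = NEIGHBOUR_MAGIC;

    if (use_check)
        fill_checked(region, SLOTS, count, 0x41414141u);
    else
        fill_unchecked(region, count, 0x41414141u);

    int intact = (region[SLOTS] == NEIGHBOUR_MAGIC);
    free(region);
    return intact;
}

int main(void)
{
    printf("unchecked, count=%d: neighbour %s\n", SLOTS + 1,
           neighbour_survives(SLOTS + 1, 0) ? "intact" : "corrupted");
    printf("checked,   count=%d: neighbour %s\n", SLOTS + 1,
           neighbour_survives(SLOTS + 1, 1) ? "intact" : "corrupted");
    return 0;
}
```

The point of the trailing word is that an out-of-bounds write is rarely a crash on its own; it is the corruption of whatever sits next door, and in a kernel heap that neighbour can be an object with function pointers, which is the step from "one bad write" to the ROP chain the article mentions.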


This is pretty damning. What is actually needed to find a serious CVE in Linux:

  One night a few weeks back, I was bored. [...] so I decided to do some random (kernel) code review. 
So how does he decide which direction to look?

   ... a few notable bugs in the netfilter kernel subsystem ... relatively complex subsystem that’s widely available - the perfect target
That's an awfully low bar.



