know your C; Fixing a Linux Kernel security bug by rearranging an if phrase

There is a new CVE in town; CVE-2022-2639 which targets the OpenVSwitch kernel module and lets OOB attacks. But it can be fixed in one line! By replacing: if A - B is lower than C with if B + C is greater than A But aren't these equal? Not in C but the answer goes deeper than "int overflow". We will have a look into the bug and it solution and will check our original C book to learn more about comparisons in C. Have fun :) 00:00 - Describing the bug 03:00 - Checking the Fix 08:03 - Programming a Proof Of Concept in C 12:00 - Describing the C if type conversiona CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-2639 Kernel Commit on github: https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8