The _getdatablock function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FSIOC_FIEMAP ioctl.
{ "urgency": "not yet assigned" }