The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.
3.13.0-135.1844.4.0-96.119~14.04.14.4.0-96.1194.4.0-1035.444.13.0-1005.74.10.0-1008.84.4.0-1031.314.13.0-32.35~16.04.14.4.0-1074.824.4.0-1076.81Exploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:HI:HA:HCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H