Vulnerability Database

318,638

Total vulnerabilities in the database

CVE-2017-18257

The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.

Published: Apr 4, 2018
Updated: Nov 9, 2025
CVE: CVE-2017-18257
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-190

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	4.11
debian / debian_linux	9.0	9.0.x

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143
https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db143
https://usn.ubuntu.com/3696-1/
https://usn.ubuntu.com/3696-2/
https://www.debian.org/security/2018/dsa-4188

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo