Let's do not freak out over the scary stories of
the self-entitled Dictator from Cucumbers Country...
First of all,
F2FS is a Flash Filesystem, in the same bandwagon with
UBIFS or
YAFFS2, read: a thing for the flash memories used by (some) embedded devices for the operating system and data, i.e. the Android phones and boards. And those flash memories are physically mounted in those devices, not something plug-and-play.
So, the ability of your system to interact with a "prepared" F2FS partition is next to zero.
Secondly, the CVE is about
a privilege escalation method for local users.
I strive to bear attention to the words:
local users.
For example, one could imagine (or invent) a
Magic SDCARD, which give you a root access when it is
physically inserted on system and mounted, as non-privileged user.
I strive to bear attention to the word:
physically.
Because any security expert would consider that:
when the hacker have physical access to a computer, it could be considered compromised from the starts.
The hack applicability?
Someone to hack your computer and steal or manipulate your data
at job, when someone gives him another non-privileged user account, i.e. one of your colleagues.
Yet, I find hard to consider that a
Company which need that level of confidentiality that other of your co-workers to not know and have access to your work data, to not have strong policies against hacking, a very skilled network administration and
physically prepared computers against hacking or unauthorized access.
Also, in this case, would be rather stupid for them
to even give a chance to you (or others) to plug even an USB memory stick in the computer.
I.e. most likely any of USB or flash memory plugs would be
physically disabled.
100%
