Dirty Stream allows malicious apps to send a file with a manipulated filename or path to another app using a custom intent. The target app is misled into trusting the filename or path and executes or stores the file in a critical directory.
Couldn’t Android filter these names so they can’t contain a path?
Recently I got a new PC with Windows, and it could resize its partition without problems. You can do it even with Powershell. I don’t know how dangerous it is, but with the whole “copying user data” I would hope that the installer would advise users to create a full backup anyway.