In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.
6.8.0-31.315.13.0-19.195.3.0-18.195.3.0-24.265.4.0-9.124.13.0-16.194.2.0-16.194.2.0-17.214.2.0-19.234.3.0-1.104.3.0-2.114.3.0-5.164.3.0-6.174.3.0-7.184.4.0-2.163.11.0-12.196.5.0-9.96.8.0-1008.84.4.0-1002.25.13.0-1005.6Exploitability
AV:LAC:LPR:LUI:NScope
S:CImpact
C:HI:HA:HCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H