The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags,
which allows local users to gain privileges by calling chroot and leveraging the sharing of the
/ directory between a parent process and a child process.
Vulnerability reference:
before 3.8.3
$ cc -Wall clown-newuser.c -static
$ ./a.out