Researchers have unearthed a vulnerability (CVE-2021-33909) in the Linux kernel’s filesystem layer that may allow local, unprivileged attackers to gain root privileges on a vulnerable host. They have also flagged a closely related vulnerability that could lead to a denial-of-service condition. Both flaws stem from the incorrect handling of long path names. All Linux kernel versions from 2014 (Linux 3.16) onwards are vulnerable, Qualys said. The company sent the advisories for the flaws to Red Hat Product Security in early June.
Source: https://www.helpnetsecurity.com/2021/07/20/cve-2021-33909/