A flaw was found in the Linux kernel where map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. An unprivileged user with CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace. This is possible because the user/group ID transformation is performed correctly in the namespaced-to-kernel direction but not in the kernel-to-namespaced direction.
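The precondition described above, an ID map with more than 5 ranges, can be audited from /proc. The following is an added example, not code from the advisory or the kernel: it parses the `/proc/<pid>/uid_map` and `gid_map` format (inside ID, outside ID, length per line) and lists processes whose maps exceed that count. The function names and the sample map are constructed for illustration, and the script does not check whether a namespace is nested or whether the running kernel is patched, so its findings are candidates for review.

```python
"""Flag processes whose user namespace ID maps have more than 5 ranges."""
import os

MAX_BASE_EXTENTS = 5  # threshold named in the advisory: "more than 5" ranges


def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside_id, outside_id, length) tuples."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        extents.append(tuple(int(f) for f in fields))
    return extents


def exceeds_base_extents(text):
    """True when the map has more ranges than the advisory's threshold."""
    return len(parse_id_map(text)) > MAX_BASE_EXTENTS


def scan_proc(proc_root="/proc"):
    """Return [(pid, map_name, range_count)] for every map over the threshold."""
    findings = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue  # skip non-process entries such as "self"
        for name in ("uid_map", "gid_map"):
            try:
                with open(os.path.join(proc_root, entry, name)) as fh:
                    text = fh.read()
            except OSError:  # process exited or map not readable
                continue
            if exceeds_base_extents(text):
                findings.append((int(entry), name, len(parse_id_map(text))))
    return findings


# Constructed sample: six single-ID ranges, one over the threshold.
SAMPLE_MAP = "\n".join(f"{i} {100000 + i * 1000} 1" for i in range(6)) + "\n"

if __name__ == "__main__":
    print("sample map flagged:", exceeds_base_extents(SAMPLE_MAP))
    for pid, name, count in scan_proc():
        print(f"pid {pid}: {name} has {count} ranges")
```

Run it as a user able to read other processes' /proc entries; unreadable maps are skipped silently.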