mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "ecryptfs-utils": "104-0ubuntu1.14.04.4", "libecryptfs0-dbgsym": "104-0ubuntu1.14.04.4", "libecryptfs-dev-dbgsym": "104-0ubuntu1.14.04.4", "libecryptfs-dev": "104-0ubuntu1.14.04.4", "python-ecryptfs": "104-0ubuntu1.14.04.4", "ecryptfs-utils-dbgsym": "104-0ubuntu1.14.04.4", "ecryptfs-utils-dbg": "104-0ubuntu1.14.04.4", "python-ecryptfs-dbgsym": "104-0ubuntu1.14.04.4", "libecryptfs0": "104-0ubuntu1.14.04.4" } ] }