An attacker with a low-privileged user on a Linux machine with an overlay mount which has a file capability in one of its layers may escalate his privileges up to root when copying a capable file from a nosuid mount into another mount.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2014278]