Zero-JS Hypermedia Browser
User namespaces are a really cool concept in #linux: basically an elegant way to permit user processes to mount an entire filesystem where they can act as root. They are used in containers and browser sandboxes to effectively isolate processes. But there are problems here: now, when user namespaces are activated in the kernel, ANY user process (so any random app) can access a gigantic amount of functions and kernel calls that were intended to be run by a root user. These functions have bugs. These bugs weren't a security threat before, because if you are already root and you are invoking a kernel function to trigger a bug that makes the kernel crash.... well, you were already root. The process that invoked the function was already in total control of the machine, so the bug was basically useless for hackers to use in a chain of exploits. Now, with user namespaces, a user process can invoke these functions to trigger the bugs to crash the kernel or whatever else: these bugs now are security threats. Solutions? It seems there isn't a better alternative to do this kind of sandboxing in Linux, so the solutions are [fixing the bugs®] and restricting the capability to use user namespaces to a whitelist of trusted apps (like containers, browsers, flatpak, systemd-something, and apps that in the future will start using it....)
2025-12-01 06:32:55 from 1 relay(s)
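One way a defender can audit the second mitigation the post mentions (restricting user namespaces instead of leaving them open to every process), as an added shell example that is not part of the post: it classifies a host from the kernel sysctls that gate unprivileged user namespaces and then probes the real behaviour with `unshare`. The sysctl names exist but are distribution-specific (`kernel.unprivileged_userns_clone` is a Debian/Ubuntu patch, `kernel.apparmor_restrict_unprivileged_userns` is Ubuntu 23.10+; both are absent on other kernels), and the classification labels are my own.

```shell
#!/bin/sh
# Audit whether unprivileged user namespaces are reachable on this host.
# Added example; the classification labels are constructed for this script.

# Classify a host from three sysctl values. An empty string means the
# sysctl does not exist on this kernel.
#   $1  user.max_user_namespaces                     (upstream kernel)
#   $2  kernel.unprivileged_userns_clone             (Debian/Ubuntu patch)
#   $3  kernel.apparmor_restrict_unprivileged_userns (Ubuntu 23.10+)
classify_userns() {
    max="$1"; clone="$2"; aa="$3"
    # 0 here disables user namespaces for every process, root included.
    if [ -n "$max" ] && [ "$max" -eq 0 ]; then
        echo "disabled-globally"; return 0
    fi
    # 0 here keeps the feature for root but denies it to unprivileged users.
    if [ -n "$clone" ] && [ "$clone" -eq 0 ]; then
        echo "disabled-for-unprivileged"; return 0
    fi
    # 1 here is the allowlist model from the post: only binaries with an
    # AppArmor profile granting userns may create one.
    if [ -n "$aa" ] && [ "$aa" -eq 1 ]; then
        echo "restricted-to-allowlisted-profiles"; return 0
    fi
    echo "open-to-any-user"
}

# Read a sysctl, printing nothing if it is absent or sysctl is unavailable.
read_sysctl() { sysctl -n "$1" 2>/dev/null; }

audit_host() {
    classify_userns "$(read_sysctl user.max_user_namespaces)" \
                    "$(read_sysctl kernel.unprivileged_userns_clone)" \
                    "$(read_sysctl kernel.apparmor_restrict_unprivileged_userns)"
}

# Empirical check: sysctls describe policy, this tries to create a user
# namespace as the current (unprivileged) user with unshare(1).
probe_unshare() {
    if unshare -Ur true 2>/dev/null; then
        echo "userns-creatable"
    else
        echo "userns-blocked"
    fi
}

if [ "${1:-}" = "--run" ]; then
    echo "policy: $(audit_host)"
    echo "probe:  $(probe_unshare)"
fi
```

Run it as an unprivileged user with `sh audit_userns.sh --run`; a host that reports `open-to-any-user` together with `userns-creatable` is in the state the post warns about.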