Credit: Ian Beer
TL;DR: you cannot hold or use a task struct pointer and expect the euid of that task to stay the same. Many many places in the kernel do this and there are a great many very exploitable bugs as a result.
When Ian can’t even be bothered to grep for all of the instances of a bug, you might have a problem.
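The pattern from the TL;DR, as a small user-space C model added here (it is not code from Ian Beer's report or from any kernel). `task_model`, `task_ref`, `exec_gen` and the helper functions are hypothetical names, and the generation counter is an assumed way of noticing that an exec happened between the check and the use.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed user-space model of the bug class; not kernel code. */
struct task_model {
    unsigned euid;      /* effective uid; exec of a setuid binary rewrites it */
    uint64_t exec_gen;  /* hypothetical counter, bumped on every exec */
};

/* What a caller keeps after passing a permission check. */
struct task_ref {
    struct task_model *task;
    unsigned euid_at_check;
    uint64_t gen_at_check;
};

/* Models exec: same struct, same pointer, new credentials. */
static void model_exec(struct task_model *t, unsigned new_euid) {
    t->euid = new_euid;
    t->exec_gen++;
}

/* Check made once, when the pointer is taken. */
static bool acquire_ref(struct task_model *t, unsigned caller_uid, struct task_ref *out) {
    if (t->euid != caller_uid) return false;
    *out = (struct task_ref){ t, t->euid, t->exec_gen };
    return true;
}

/* Flawed: relies on the euid seen at acquisition time. */
static bool use_ref_stale(const struct task_ref *r, unsigned caller_uid) {
    return r->euid_at_check == caller_uid;
}

/* Revalidating: re-reads the euid and rejects a ref that predates an exec. */
static bool use_ref_revalidated(const struct task_ref *r, unsigned caller_uid) {
    return r->task->exec_gen == r->gen_at_check && r->task->euid == caller_uid;
}

/* uid 501 takes a ref; optionally the task then execs a setuid-root binary.
   Bit 0: stale check authorizes the use. Bit 1: revalidated check does. */
static int run_scenario(bool exec_setuid_root) {
    struct task_model t = { .euid = 501, .exec_gen = 0 };
    struct task_ref r;
    if (!acquire_ref(&t, 501, &r)) return -1;
    if (exec_setuid_root) model_exec(&t, 0);
    return (use_ref_stale(&r, 501) ? 1 : 0) | (use_ref_revalidated(&r, 501) ? 2 : 0);
}

int main(void) { return run_scenario(true) == 1 ? 0 : 1; }
```

The model is single-threaded; in a kernel the recheck and the use would also have to happen while something prevents the task from exec'ing in between.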