The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
https://www.sudo.ws/stable.html#1.9.5
https://security.netapp.com/advisory/ntap-20210129-0010/
https://security.gentoo.org/glsa/202101-33
https://lists.debian.org/debian-lts-announce/2022/11/msg00007.html