Capsule8 Labs has created an exploit that removes the process from its confines and gives it root access in the Real World. The exploit uses a combination of two vulnerabilities that were discovered and exploited by Andrey Konovalov, a Googler who regularly shares vulnerabilities he finds, along with exploit code. We use the first vulnerability as our ASLR bypass, as the method included in the second PoC exploit is unreliable if the target system has a high uptime. Once any kernel-land vulnerability which yields arbitrary code execution can be exploited to escape a container.”]
Source: https://capsule8.com/blog/practical-container-escape-exercise/