Unpatched vulnerabilities in the rkt container runtime could be exploited by an attacker to escape the container and gain root access to the host. The rkt enter command allows users to execute binaries in a running container. An attacker can overwrite /bin/bash in the container, because it is the default binary executed if the user doesn't specify another. The attacker could also overwrite libc.so.6 in a container, which is likely to be loaded by processes spawned with rkt enter. Red Hat has no plan for addressing the vulnerabilities.
Source: https://securityaffairs.co/wordpress/86499/hacking/rkt-container-flaws.html
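
Since no fix is planned, one host-side check before running rkt enter is to compare the two files named above against an unpacked copy of the original image. The sketch below is an added example, not code from rkt or from the source article; the function names are hypothetical, and it assumes the operator supplies the paths of a trusted baseline rootfs and of the running container's rootfs.

```python
import hashlib
import os
import tempfile

def digest(path):
    """SHA-256 of a regular file, or the link target string for a symlink."""
    if os.path.islink(path):
        # Never follow: from the host, a link planted in the container could resolve to a host file.
        return "symlink:" + os.readlink(path)
    if not os.path.isfile(path):
        return "special"  # FIFO/device/socket: flag it rather than open it
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(rootfs):
    """Map relative path -> digest for bash and every libc.so.6 under rootfs."""
    found = {}
    for dirpath, _dirs, files in os.walk(rootfs):  # directory symlinks are not followed
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), rootfs)
            if rel in ("bin/bash", "usr/bin/bash") or name == "libc.so.6":
                found[rel] = digest(os.path.join(dirpath, name))
    return found

def tampered(baseline_rootfs, running_rootfs):
    """Sorted relative paths that were added, removed or changed vs. the baseline."""
    base, live = snapshot(baseline_rootfs), snapshot(running_rootfs)
    return sorted(p for p in base.keys() | live.keys() if base.get(p) != live.get(p))

if __name__ == "__main__":
    # Constructed sample trees standing in for the image and the running container.
    with tempfile.TemporaryDirectory() as image, tempfile.TemporaryDirectory() as live:
        for root, libc in ((image, b"libc-v1"), (live, b"libc-modified")):
            os.makedirs(os.path.join(root, "bin"))
            os.makedirs(os.path.join(root, "lib64"))
            with open(os.path.join(root, "bin", "bash"), "wb") as f:
                f.write(b"bash-v1")
            with open(os.path.join(root, "lib64", "libc.so.6"), "wb") as f:
                f.write(libc)
        print(tampered(image, live))
```

A non-empty result means the container's copy differs from the image, so rkt enter should not be run against it until the change is explained; a container that legitimately updated its packages will also be flagged.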

