USN-4960-1: runC vulnerability
Etienne Champetier discovered that runC incorrectly checked mount targets.
An attacker with a malicious container image could possibly mount the host
filesystem into the container and escalate privileges.
Source: USN-4960-1: runC vulnerability