  2. 2

    Eeek. This looks like it would even allow sandboxed processes to gain kernel privilege, so is a big problem for anything that’s using containers for isolation.