I wrote a new metasploit module, docker_privileged_container_escape, that escapes from a docker container with access to the docker sock obtaining a root shell on the host operating system.

Screenshot showing a container escape using docker_privileged_container_escape