tl;dr explanation: the hotpatchers run "java -version" in the containers. The vulnerability is that they only entered the containers' namespaces to do this, and didn't apply seccomp filters or drop capabilities. This is equivalent to turning it into a privileged container, which a malicious Java binary can then easily escape from (e.g., with the release_agent feature of cgroups, or by mounting one of the host's partitions).
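An added example (not from the original post) of the defensive check this implies: a small Python script that reads a process's /proc/&lt;pid&gt;/status and flags one that kept host-level capabilities and has no seccomp filter, which is exactly the state the hotpatcher left its java child in. The two status snippets are constructed; the second uses the default capability set a runtime such as Docker grants.

```python
"""Flag a process that sits inside a container's namespaces but kept host-level
privilege: dangerous effective capabilities and/or no seccomp filter."""

# Capability bit numbers from linux/capability.h. Any one of these in the
# effective set of a namespaced process is enough to reach the host.
DANGEROUS_CAPS = {
    "CAP_DAC_READ_SEARCH": 2,
    "CAP_SYS_MODULE": 16,
    "CAP_SYS_RAWIO": 17,
    "CAP_SYS_PTRACE": 19,
    "CAP_SYS_ADMIN": 21,
    "CAP_SYS_BOOT": 22,
}

def parse_status(text):
    """Turn /proc/<pid>/status ('Key:\\tvalue' lines) into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def assess_status(text):
    """Report which dangerous caps the process kept and whether it is
    effectively privileged despite living in the container's namespaces."""
    f = parse_status(text)
    cap_eff = int(f.get("CapEff", "0"), 16)
    seccomp_mode = int(f.get("Seccomp", "0"))  # 0 = none, 1 = strict, 2 = filter
    retained = sorted(n for n, bit in DANGEROUS_CAPS.items() if cap_eff >> bit & 1)
    return {
        "name": f.get("Name", "?"),
        "retained_caps": retained,
        "seccomp_mode": seccomp_mode,
        # Either condition alone means the container boundary is not enforced.
        "risky": bool(retained) or seccomp_mode == 0,
    }

def assess_pid(pid):
    """Same check against a live process (Linux only)."""
    with open(f"/proc/{pid}/status") as fh:
        return assess_status(fh.read())

# Constructed snippets: the hotpatcher's child (every capability, no filter)
# versus a java process started normally by the container runtime.
HOTPATCH_CHILD = "Name:\tjava\nCapEff:\t000001ffffffffff\nSeccomp:\t0\n"
CONTAINED_JAVA = "Name:\tjava\nCapEff:\t00000000a80425fb\nSeccomp:\t2\n"

if __name__ == "__main__":
    for snippet in (HOTPATCH_CHILD, CONTAINED_JAVA):
        print(assess_status(snippet))
```

Run `assess_pid()` over every entry in /proc whose mount namespace differs from PID 1's to find processes injected into containers this way.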