Exactly. Since containers share the same kernel with the host, if there is a kernel bug that can be exploited from within a container, it makes the whole host vulnerable.