What's new in Singularity 2.5 and why it affects everyone using containers (sylabs.io)
2 points by nervous 2970 days ago
1 comments

tl;dr The Sylabs team recently discovered an exploit vector to all container runtimes that allows a malicious user to gain additional privileges within a container on hosts running kernels that do not support the PR_SET_NO_NEW_PRIVS feature.

Singularity is not the only container platform affected; this vulnerability can be exploited using any container runtime on a vulnerable kernel.
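
A host-side check for the kernel feature named in the comment above, as an added example that is not part of the original thread or Sylabs' code: it asks the running kernel whether it supports PR_SET_NO_NEW_PRIVS and confirms in a forked child that the flag, once set, cannot be cleared. The function names are illustrative; the fallback constants are the values from the Linux UAPI headers.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PR_SET_NO_NEW_PRIVS          /* very old libc headers lack these */
#define PR_SET_NO_NEW_PRIVS 38
#define PR_GET_NO_NEW_PRIVS 39
#endif

/* 1 = kernel supports no_new_privs, 0 = it does not (EINVAL), -1 = other error. */
int nnp_supported(void) {
    int r = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
    if (r >= 0) return 1;
    return errno == EINVAL ? 0 : -1;
}

/* In a forked child (so the caller is left untouched): set the flag, read it
 * back, and check that an attempt to clear it is refused.
 * Returns 1 if all three hold, 0 if any fails, -1 on fork/wait failure. */
int nnp_sticks_in_child(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) _exit(2);
        if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) != 1) _exit(3);
        if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == 0) _exit(4); /* must fail */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void) {
    int s = nnp_supported();
    if (s != 1) {
        puts(s == 0 ? "kernel lacks PR_SET_NO_NEW_PRIVS" : "prctl failed");
        return 1;
    }
    printf("no_new_privs supported; sticky in child: %d\n", nnp_sticks_in_child());
    return 0;
}
```

A non-zero exit from this program marks a host whose kernel falls into the affected group the comment describes.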