The normal docker engine runs as daemon with root permissions. If unprivileged users are granted access to the docker.sock, they can effectively use docker for permission escalation. It should be no surprise, as it is mentioned in the documentation.

You might want to look at this topic for further ideas: