The last known possible way of breaking out of UML is to use a different system call mechanism. Linux recognizes lcall system calls as well as the standard int 0x80 calls.
These are part of the iBCS binary calling standard and, I believe, support was added to Linux when SCO compatibility was considered important.
That is no longer the case, but the support remains. The reason this is a problem is that lcall system calls are not seen by ptrace, which is the mechanism UML uses to intercept and annul int 0x80 system calls.
Therefore, any process running inside UML that knows how to make lcall system calls will run them directly on the host.
This must be fixed on the host. There is nothing that can be done to UML itself to fix this. The way this will be done is to add a new personality to the host which disallows any iBCS compatibility by segfaulting any process that attempts to use it. UML will then set its personality to that and relay any resulting segfaults to its own processes.
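To make the ptrace mechanism referred to above concrete, here is an added example (not code from the UML project) of the kind of syscall interception UML relies on: a tracer attaches to a child with PTRACE_TRACEME, stops it at every system call entry and exit with PTRACE_SYSCALL, and annuls a chosen call (mkdir here) by overwriting the syscall number with -1 so the host kernel executes nothing, then hands the child back -EPERM. This is exactly the path that an lcall-based system call would skip, since no syscall-entry stop is ever generated for it. The example assumes a Linux host on x86_64 or i386 where ptrace(2) is permitted; the target path is constructed for the demonstration.

```c
/* Added example: a minimal ptrace-based system call interceptor of the kind
 * UML uses to catch int 0x80 / syscall-instruction entries and annul them.
 * Assumes Linux on x86_64 or i386 and that ptrace(2) is permitted. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Register holding the syscall number at entry and the return value at exit. */
#if defined(__x86_64__)
#define SYSNO(r)  ((r).orig_rax)
#define RETVAL(r) ((r).rax)
#elif defined(__i386__)
#define SYSNO(r)  ((r).orig_eax)
#define RETVAL(r) ((r).eax)
#else
#error "this example assumes the x86 register layout used by UML's host"
#endif

/* The traced child: asks to be traced, pauses so the tracer can set options,
 * then tries one mkdir. Exit code 0 means the call was annulled with EPERM. */
static void child_body(void)
{
    const char *path = "/tmp/uml-annul-example-dir";   /* constructed path */
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
        _exit(100);                 /* ptrace not permitted on this host */
    raise(SIGSTOP);                 /* signal-delivery stop: tracer attaches here */
    errno = 0;
    int rc = mkdir(path, 0700);
    if (rc == -1 && errno == EPERM)
        _exit(0);                   /* annulled as intended */
    if (rc == 0)
        rmdir(path);                /* not traced: undo the real directory */
    _exit(1);
}

/* Runs the child under PTRACE_SYSCALL and annuls every mkdir/mkdirat it makes.
 * Returns the number of annulled calls, or -1 if tracing was not possible.
 * The child's wait status is stored in *child_status when non-NULL. */
int trace_and_annul_mkdir(int *child_status)
{
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0)
        child_body();

    int status, annulled = 0, in_syscall = 0, pending_eperm = 0;
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    if (!WIFSTOPPED(status)) {      /* PTRACE_TRACEME failed; child exited */
        if (child_status) *child_status = status;
        return -1;
    }
    /* TRACESYSGOOD sets bit 7 of the stop signal on syscall stops so they can
     * be told apart from ordinary signal stops; EXITKILL kills the child if
     * the tracer dies, so it never runs untraced. */
    long opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL;
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)opts) == -1) {
        kill(pid, SIGKILL);
        waitpid(pid, NULL, 0);
        return -1;
    }
    for (;;) {
        /* Resume with signal 0: the initial SIGSTOP is swallowed. */
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == -1)
            return -1;
        if (waitpid(pid, &status, 0) == -1)
            return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status))
            break;
        if (!(WIFSTOPPED(status) && WSTOPSIG(status) == (SIGTRAP | 0x80)))
            continue;               /* not a syscall stop; just resume */

        struct user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1)
            return -1;
        if (!in_syscall) {          /* syscall-entry stop */
            in_syscall = 1;
            long nr = (long)SYSNO(regs);
            if (nr == SYS_mkdir
#ifdef SYS_mkdirat
                || nr == SYS_mkdirat
#endif
               ) {
                SYSNO(regs) = (unsigned long)-1;   /* kernel executes nothing */
                ptrace(PTRACE_SETREGS, pid, NULL, &regs);
                annulled++;
                pending_eperm = 1;
            }
        } else {                    /* syscall-exit stop */
            in_syscall = 0;
            if (pending_eperm) {    /* replace the kernel's -ENOSYS with -EPERM */
                RETVAL(regs) = (unsigned long)-EPERM;
                ptrace(PTRACE_SETREGS, pid, NULL, &regs);
                pending_eperm = 0;
            }
        }
    }
    if (child_status) *child_status = status;
    return annulled;
}
```

The entry/exit toggle is the classic way to pair syscall stops; the tracer only ever sees stops for calls that go through the kernel's traced entry path, which is why a system call issued through a call gate that ptrace does not report would reach the host unseen.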