They had root inside a jail, which isn't the same as being root outside the jail. To be able to gain arbitrary code execution in kernel mode from a jail is a security vulnerability.
They did break out of a jail, the vulnerability was used to gain arbitrary code execution in kernel mode, which was used to modify the cr_prison structure, thus performing a jailbreak.
It's been done before, for example the "BadIRET" vulnerability (CVE-2015-5675) was used to jailbreak FreeBSD on the PS4 a couple of years ago.
You should still be rather careful with this, as they have access to the same kernel as the host, and could potentially jailbreak through kernel vulnerabilities.
They had root inside a jail, which isn't the same as being root outside the jail. To be able to gain arbitrary code execution in kernel mode from a jail is a security vulnerability.
They did break out of a jail, the vulnerability was used to gain arbitrary code execution in kernel mode, which was used to modify the cr_prison structure, thus performing a jailbreak.
It's been done before, for example the "BadIRET" vulnerability (CVE-2015-5675) was used to jailbreak FreeBSD on the PS4 a couple of years ago.
You should still be rather careful with this, as they have access to the same kernel as the host, and could potentially jailbreak through kernel vulnerabilities.