Most "lightweight" virtualization solutions are more or less based on the chroot-idea - with hidden processes from the "master". I did not see any CERTs about problems there but this does not seem to be what you are searching for.
A Hypervisor approach might be more the direction you are looking for - but I would not count that as "lightweight" (also a PV XEN DomU is pretty fast). Strictly speaking the Dom0 does not start the DomU - it tells the Hypervisor to do so - but there have beens CERTs about priviledge escalation (VMWare ESX and XEN). I don`t know about Hyper-V though.
For a better isolation of user rights - where there is a user-space process spawning an "isolated" VM there is VirtualBox - but again - not lightweight. This is full virtualization, but the VMs can be started as "normal" user. The user has to have access to the underlying disk - and if you want/need to - usb-devices.
Apart from that there is a kernel module for the networking stuff, which seems to work quite well (using DKMS).