
What damages can be done by an untrusted Docker container?


Yes, it has access to your kernel, so basically you have little protection, as you can see here.

About burning your CPU: when the CPU gets to a certain temperature, some motherboards shut down the computer to avoid "burning" the CPU (if that is what you're talking about).

There are a few things you can do to improve security, as you can see here:

SELinux - Enabling this will automatically generate an MCS label for each container, limiting its ability to do damage.

Read-Only - You can also mark the container read-only, which allows you to make large portions of the container's image read-only, which can make it harder for an attacker to deploy malware.

Self-Hosted Registry - To reduce the risk of image tampering, loading malicious containers, leaking secrets, or otherwise putting yourself at risk, you can host a registry internally. https://github.com/dogestry/dogestry is an example of one which sits on top of S3, though there are other options as well.
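The first two hardening points in the answer above (an SELinux MCS label per container, and a read-only container filesystem) can both be verified after the fact from `docker inspect` output. The following is an added example written for this page, not code from the original post: it parses a constructed sample shaped like `docker inspect` JSON and reports which containers lack those protections. The field names `ProcessLabel`, `HostConfig.ReadonlyRootfs` and `HostConfig.SecurityOpt` are real Docker inspect fields; the container names and ids in the sample are constructed placeholders.

```python
"""Audit `docker inspect` output for two hardening points: an SELinux MCS
label on the container process, and a read-only root filesystem.

Added example, not part of the original answer. SAMPLE_INSPECT_OUTPUT is a
constructed stand-in for the JSON list that `docker inspect <id> ...` prints.
"""
import json
import re

# Constructed sample: one hardened container and one left at defaults with
# SELinux labeling switched off. Ids are placeholders, not real container ids.
SAMPLE_INSPECT_OUTPUT = json.dumps([
    {
        "Id": "PLACEHOLDER_ID_1",
        "Name": "/hardened",
        # SELinux context with MCS categories c123,c456 assigned to this container
        "ProcessLabel": "system_u:system_r:container_t:s0:c123,c456",
        "HostConfig": {"ReadonlyRootfs": True, "SecurityOpt": None},
    },
    {
        "Id": "PLACEHOLDER_ID_2",
        "Name": "/wide-open",
        "ProcessLabel": "",
        "HostConfig": {"ReadonlyRootfs": False, "SecurityOpt": ["label=disable"]},
    },
])

# MCS categories show up as the trailing ":s0:cN,cM" part of the SELinux context.
MCS_RE = re.compile(r":s0:c\d+(,c\d+)*$")


def has_mcs_label(container):
    """True if the container process carries an SELinux label with MCS categories."""
    label = container.get("ProcessLabel") or ""
    return bool(MCS_RE.search(label))


def audit_container(container):
    """Return a list of findings (empty list means both protections are present)."""
    host = container.get("HostConfig") or {}
    sec_opts = host.get("SecurityOpt") or []
    findings = []
    if not has_mcs_label(container):
        findings.append("no SELinux MCS label on the container process")
    if "label=disable" in sec_opts:
        findings.append("SELinux labeling explicitly disabled via --security-opt label=disable")
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable (container not run with --read-only)")
    return findings


def audit_inspect_output(raw_json):
    """Map container name -> findings for every container in the inspect output."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in json.loads(raw_json)}


if __name__ == "__main__":
    for name, findings in audit_inspect_output(SAMPLE_INSPECT_OUTPUT).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

Against a live host you would feed it `docker inspect $(docker ps -q)` instead of the constructed sample; an empty `ProcessLabel` on a system where SELinux is enforcing is the quickest sign that the per-container MCS isolation described in the answer is not actually in effect.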