Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001894)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001894 advisory. The clonemnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNTREADONLY flag, which allows local users to bypa...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002489)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002489 advisory. kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace,...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002230)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002230 advisory. fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNTNODEV, MNTNOSUID, and MNTNOEXEC and changing MNTATIMEMASK during a remount o...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002523)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002523 advisory. The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003163)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003163 advisory. In the Linux kernel 4.15.x through 4.19.x before 4.19.2, mapwrite in kernel/usernamespace.c allows privilege escalation because it mishandles nested user namespaces...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003129)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003129 advisory. Linux kernel: heap out-of-bounds in AFPACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003428)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003428 advisory. net/netfilter/nfnetlinkcthelper.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for new, get, and del operations, which allows local...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002453)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002453 advisory. fs/namespace.c in the Linux kernel before 4.0.2 processes MNTDETACH umount2 system calls without verifying that the MNTLOCKED flag is unset, which allows local users...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002531)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002531 advisory. The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003419)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003419 advisory. net/netfilter/xtosf.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for addcallback and removecallback operations, which allows loca...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002797)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002797 advisory. A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function getnetnsbyid in net/core/netnamespace.c...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000917)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000917 advisory. Linux kernel: heap out-of-bounds in AFPACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes...

CVE-2025-13772

A flaw was found in GitLab. An authenticated user could exploit this vulnerability by manipulating namespace identifiers in API requests. This could allow them to access and utilize AI model settings from unauthorized namespaces, leading to information disclosure and potential misuse of AI...

CVE-2025-13772

GitLab Enterprise Edition (EE) remediated a vulnerability where an authenticated user could access and use AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests. Affected are EE versions: 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1...

CVE-2025-13772 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API...

CVE-2025-13772 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API...

CVE-2025-13772 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000347)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000347 advisory. In the Linux kernel 4.15.x through 4.19.x before 4.19.2, mapwrite in kernel/usernamespace.c allows privilege escalation because it mishandles nested user namespaces...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000238)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000238 advisory. A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bcsvcprocess use wrong...

Bypassing Kyverno Policies via Double Policy Exceptions

Summary If a cluster has a Kyverno policy in enforce mode and there are two exceptions, this allows the policy to be bypassed, even if the first exception is more restrictive than the second. Details The following policy was applied: yaml apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata:...