An update for mesa is now available for openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2048 Final 1.0 1.0 2026-04-25 Initial 2026-04-25 2026-04-25 openEuler SA Tool V1.0 2026-04-25 mesa security update An update for mesa is now available for openEuler-24.03-LTS-SP1 . Security Fix(es): In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.(CVE-2026-40393) An update for mesa is now available for openEuler-24.03-LTS-SP1. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical mesa https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2048 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-40393 https://nvd.nist.gov/vuln/detail/CVE-2026-40393 openEuler-24.03-LTS-SP1 mesa-24.0.3-5.oe2403sp1.src.rpm mesa-debuginfo-24.0.3-5.oe2403sp1.aarch64.rpm mesa-debugsource-24.0.3-5.oe2403sp1.aarch64.rpm mesa-dri-drivers-24.0.3-5.oe2403sp1.aarch64.rpm mesa-filesystem-24.0.3-5.oe2403sp1.aarch64.rpm mesa-libEGL-24.0.3-5.oe2403sp1.aarch64.rpm mesa-libEGL-devel-24.0.3-5.oe2403sp1.aarch64.rpm mesa-libGL-24.0.3-5.oe2403sp1.aarch64.rpm mesa-libGL-devel-24.0.3-5.oe2403sp1.aarch64.rpm mesa-libOSMesa-24.0.3-5.oe2403sp1.aarch64.rpm mesa-libOSMesa-devel-24.0.3-5.oe2403sp1.aarch64.rpm mesa-libd3d-24.0.3-5.oe2403sp1.aarch64.rpm mesa-libd3d-devel-24.0.3-5.oe2403sp1.aarch64.rpm mesa-libgbm-24.0.3-5.oe2403sp1.aarch64.rpm mesa-libgbm-devel-24.0.3-5.oe2403sp1.aarch64.rpm mesa-libglapi-24.0.3-5.oe2403sp1.aarch64.rpm mesa-libxatracker-24.0.3-5.oe2403sp1.aarch64.rpm mesa-libxatracker-devel-24.0.3-5.oe2403sp1.aarch64.rpm mesa-omx-drivers-24.0.3-5.oe2403sp1.aarch64.rpm mesa-vdpau-drivers-24.0.3-5.oe2403sp1.aarch64.rpm mesa-vulkan-drivers-24.0.3-5.oe2403sp1.aarch64.rpm mesa-debuginfo-24.0.3-5.oe2403sp1.x86_64.rpm mesa-debugsource-24.0.3-5.oe2403sp1.x86_64.rpm mesa-dri-drivers-24.0.3-5.oe2403sp1.x86_64.rpm mesa-filesystem-24.0.3-5.oe2403sp1.x86_64.rpm mesa-libEGL-24.0.3-5.oe2403sp1.x86_64.rpm mesa-libEGL-devel-24.0.3-5.oe2403sp1.x86_64.rpm mesa-libGL-24.0.3-5.oe2403sp1.x86_64.rpm mesa-libGL-devel-24.0.3-5.oe2403sp1.x86_64.rpm mesa-libOSMesa-24.0.3-5.oe2403sp1.x86_64.rpm mesa-libOSMesa-devel-24.0.3-5.oe2403sp1.x86_64.rpm mesa-libd3d-24.0.3-5.oe2403sp1.x86_64.rpm mesa-libd3d-devel-24.0.3-5.oe2403sp1.x86_64.rpm mesa-libgbm-24.0.3-5.oe2403sp1.x86_64.rpm mesa-libgbm-devel-24.0.3-5.oe2403sp1.x86_64.rpm mesa-libglapi-24.0.3-5.oe2403sp1.x86_64.rpm mesa-libxatracker-24.0.3-5.oe2403sp1.x86_64.rpm mesa-libxatracker-devel-24.0.3-5.oe2403sp1.x86_64.rpm mesa-omx-drivers-24.0.3-5.oe2403sp1.x86_64.rpm mesa-vdpau-drivers-24.0.3-5.oe2403sp1.x86_64.rpm mesa-vulkan-devel-24.0.3-5.oe2403sp1.x86_64.rpm mesa-vulkan-drivers-24.0.3-5.oe2403sp1.x86_64.rpm In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca. 2026-04-25 CVE-2026-40393 openEuler-24.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H mesa security update 2026-04-25 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2048