{"schema_version":"1.7.2","id":"OESA-2026-2051","modified":"2026-04-25T05:49:15Z","published":"2026-04-25T05:49:15Z","upstream":["CVE-2026-40393"],"summary":"mesa security update","details":".\r\n\r\nSecurity Fix(es):\n\nIn Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.(CVE-2026-40393)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"mesa","purl":"pkg:rpm/openEuler/mesa&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.3.1-7.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["mesa-debuginfo-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-debugsource-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-dri-drivers-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-filesystem-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-libEGL-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-libEGL-devel-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-libGL-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-libGL-devel-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-libOSMesa-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-libOSMesa-devel-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-libgbm-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-libgbm-devel-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-libglapi-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-libxatracker-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-libxatracker-devel-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-vdpau-drivers-21.3.1-7.oe2203sp4.aarch64.rpm","mesa-vulkan-drivers-21.3.1-7.oe2203sp4.aarch64.rpm"],"src":["mesa-21.3.1-7.oe2203sp4.src.rpm"],"x86_64":["mesa-debuginfo-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-debugsource-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-dri-drivers-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-filesystem-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-libEGL-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-libEGL-devel-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-libGL-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-libGL-devel-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-libOSMesa-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-libOSMesa-devel-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-libgbm-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-libgbm-devel-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-libglapi-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-libxatracker-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-libxatracker-devel-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-vdpau-drivers-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-vulkan-devel-21.3.1-7.oe2203sp4.x86_64.rpm","mesa-vulkan-drivers-21.3.1-7.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2051"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40393"}],"database_specific":{"severity":"Critical"}}