{"schema_version":"1.7.2","id":"OESA-2026-2052","modified":"2026-04-25T05:49:16Z","published":"2026-04-25T05:49:16Z","upstream":["CVE-2026-40393"],"summary":"mesa security update","details":".\r\n\r\nSecurity Fix(es):\n\nIn Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.(CVE-2026-40393)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"mesa","purl":"pkg:rpm/openEuler/mesa&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.3-5.oe2403"}]}],"ecosystem_specific":{"aarch64":["mesa-debuginfo-24.0.3-5.oe2403.aarch64.rpm","mesa-debugsource-24.0.3-5.oe2403.aarch64.rpm","mesa-dri-drivers-24.0.3-5.oe2403.aarch64.rpm","mesa-filesystem-24.0.3-5.oe2403.aarch64.rpm","mesa-libEGL-24.0.3-5.oe2403.aarch64.rpm","mesa-libEGL-devel-24.0.3-5.oe2403.aarch64.rpm","mesa-libGL-24.0.3-5.oe2403.aarch64.rpm","mesa-libGL-devel-24.0.3-5.oe2403.aarch64.rpm","mesa-libOSMesa-24.0.3-5.oe2403.aarch64.rpm","mesa-libOSMesa-devel-24.0.3-5.oe2403.aarch64.rpm","mesa-libd3d-24.0.3-5.oe2403.aarch64.rpm","mesa-libd3d-devel-24.0.3-5.oe2403.aarch64.rpm","mesa-libgbm-24.0.3-5.oe2403.aarch64.rpm","mesa-libgbm-devel-24.0.3-5.oe2403.aarch64.rpm","mesa-libglapi-24.0.3-5.oe2403.aarch64.rpm","mesa-libxatracker-24.0.3-5.oe2403.aarch64.rpm","mesa-libxatracker-devel-24.0.3-5.oe2403.aarch64.rpm","mesa-omx-drivers-24.0.3-5.oe2403.aarch64.rpm","mesa-vdpau-drivers-24.0.3-5.oe2403.aarch64.rpm","mesa-vulkan-drivers-24.0.3-5.oe2403.aarch64.rpm"],"src":["mesa-24.0.3-5.oe2403.src.rpm"],"x86_64":["mesa-debuginfo-24.0.3-5.oe2403.x86_64.rpm","mesa-debugsource-24.0.3-5.oe2403.x86_64.rpm","mesa-dri-drivers-24.0.3-5.oe2403.x86_64.rpm","mesa-filesystem-24.0.3-5.oe2403.x86_64.rpm","mesa-libEGL-24.0.3-5.oe2403.x86_64.rpm","mesa-libEGL-devel-24.0.3-5.oe2403.x86_64.rpm","mesa-libGL-24.0.3-5.oe2403.x86_64.rpm","mesa-libGL-devel-24.0.3-5.oe2403.x86_64.rpm","mesa-libOSMesa-24.0.3-5.oe2403.x86_64.rpm","mesa-libOSMesa-devel-24.0.3-5.oe2403.x86_64.rpm","mesa-libd3d-24.0.3-5.oe2403.x86_64.rpm","mesa-libd3d-devel-24.0.3-5.oe2403.x86_64.rpm","mesa-libgbm-24.0.3-5.oe2403.x86_64.rpm","mesa-libgbm-devel-24.0.3-5.oe2403.x86_64.rpm","mesa-libglapi-24.0.3-5.oe2403.x86_64.rpm","mesa-libxatracker-24.0.3-5.oe2403.x86_64.rpm","mesa-libxatracker-devel-24.0.3-5.oe2403.x86_64.rpm","mesa-omx-drivers-24.0.3-5.oe2403.x86_64.rpm","mesa-vdpau-drivers-24.0.3-5.oe2403.x86_64.rpm","mesa-vulkan-devel-24.0.3-5.oe2403.x86_64.rpm","mesa-vulkan-drivers-24.0.3-5.oe2403.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2052"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40393"}],"database_specific":{"severity":"Critical"}}