rpm package
suse/Mesa&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/Mesa&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40393 | Hig | 8.1 | < 20.2.4-150300.59.12.1 | 20.2.4-150300.59.12.1 | Apr 12, 2026 | In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca. | |
| CVE-2023-45922 | — | < 20.2.4-150300.59.9.1 | 20.2.4-150300.59.9.1 | Mar 27, 2024 | glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. | ||
| CVE-2023-45919 | — | < 20.2.4-150300.59.9.1 | 20.2.4-150300.59.9.1 | Mar 27, 2024 | Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. | ||
| CVE-2023-45913 | — | < 20.2.4-150300.59.9.1 | 20.2.4-150300.59.9.1 | Mar 27, 2024 | Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disput |
- affected < 20.2.4-150300.59.12.1fixed 20.2.4-150300.59.12.1
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.
- CVE-2023-45922Mar 27, 2024affected < 20.2.4-150300.59.9.1fixed 20.2.4-150300.59.9.1
glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.
- CVE-2023-45919Mar 27, 2024affected < 20.2.4-150300.59.9.1fixed 20.2.4-150300.59.9.1
Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.
- CVE-2023-45913Mar 27, 2024affected < 20.2.4-150300.59.9.1fixed 20.2.4-150300.59.9.1
Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disput