This update for Mesa fixes the following issue:
- CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party (bsc#1261998).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-707=1
- openSUSE Leap 16.0:
Mesa-24.3.3-160000.3.1
Mesa-KHR-devel-24.3.3-160000.3.1
Mesa-devel-24.3.3-160000.3.1
Mesa-dri-24.3.3-160000.3.1
Mesa-dri-devel-24.3.3-160000.3.1
Mesa-dri-nouveau-24.3.3-160000.3.1
Mesa-dri-vc4-24.3.3-160000.3.1
Mesa-gallium-24.3.3-160000.3.1
Mesa-libEGL-devel-24.3.3-160000.3.1
Mesa-libEGL1-24.3.3-160000.3.1
Mesa-libGL-devel-24.3.3-160000.3.1
Mesa-libGL1-24.3.3-160000.3.1
Mesa-libGLESv1_CM-devel-24.3.3-160000.3.1
Mesa-libGLESv2-devel-24.3.3-160000.3.1
Mesa-libGLESv3-devel-24.3.3-160000.3.1
Mesa-libOpenCL-24.3.3-160000.3.1
Mesa-libRusticlOpenCL-24.3.3-160000.3.1
Mesa-libd3d-24.3.3-160000.3.1
Mesa-libd3d-devel-24.3.3-160000.3.1
Mesa-libglapi-devel-24.3.3-160000.3.1
Mesa-libglapi0-24.3.3-160000.3.1
Mesa-libva-24.3.3-160000.3.1
Mesa-vulkan-device-select-24.3.3-160000.3.1
Mesa-vulkan-overlay-24.3.3-160000.3.1
libOSMesa-devel-24.3.3-160000.3.1
libOSMesa8-24.3.3-160000.3.1
libgbm-devel-24.3.3-160000.3.1
libgbm1-24.3.3-160000.3.1
libvdpau_d3d12-24.3.3-160000.3.1
libvdpau_nouveau-24.3.3-160000.3.1
libvdp...
Read the Full Advisory* bsc#1261911
* bsc#1261998
References:
* https://www.suse.com/security/cve/CVE-2026-40393.html
Get the latest Linux and open source security news straight to your inbox.