Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-40393

8.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 days, 2 hours ago

In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory …

In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.

References

Affected products

Mesa

<25.3.6
<26.0.1

Matching in nixpkgs

pkgs.mesa

Open source 3D graphics library

nixos-unstable 26.0.4
- nixpkgs-unstable 26.0.4
- nixos-unstable-small 26.0.4
nixos-25.11 25.2.6
- nixos-25.11-small 25.2.6
- nixpkgs-25.11-darwin 25.2.6

pkgs.libGLX

Open source 3D graphics library

nixos-unstable 26.0.4
- nixpkgs-unstable 26.0.4
- nixos-unstable-small 26.0.4
nixos-25.11 25.2.6
- nixos-25.11-small 25.2.6
- nixpkgs-25.11-darwin 25.2.6

pkgs.libgbm

Open source 3D graphics library

nixos-unstable 25.1.0
- nixpkgs-unstable 25.1.0
- nixos-unstable-small 25.1.0
nixos-25.11 25.1.0
- nixos-25.11-small 25.1.0
- nixpkgs-25.11-darwin 25.1.0

pkgs.mesa-demos

Collection of demos and test programs for OpenGL and Mesa

nixos-unstable 9.0.0
- nixpkgs-unstable 9.0.0
- nixos-unstable-small 9.0.0
nixos-25.11 9.0.0
- nixos-25.11-small 9.0.0
- nixpkgs-25.11-darwin 9.0.0

pkgs.mesa-gl-headers

Open source 3D graphics library

nixos-unstable 25.1.0
- nixpkgs-unstable 25.1.0
- nixos-unstable-small 25.1.0
nixos-25.11 25.1.0
- nixos-25.11-small 25.1.0
- nixpkgs-25.11-darwin 25.1.0

pkgs.mesa_i686.x86_64-linux

Open source 3D graphics library

nixos-unstable 26.0.4
- nixpkgs-unstable 26.0.4
- nixos-unstable-small 26.0.4
nixos-25.11 25.2.6
- nixos-25.11-small 25.2.6
- nixpkgs-25.11-darwin 25.2.6

pkgs.driversi686Linux.mesa.x86_64-linux

Open source 3D graphics library

nixos-unstable 26.0.4
- nixpkgs-unstable 26.0.4
- nixos-unstable-small 26.0.4
nixos-25.11 25.2.6
- nixos-25.11-small 25.2.6
- nixpkgs-25.11-darwin 25.2.6

pkgs.grafanaPlugins.mesak-imagesave-panel

Plugin for Grafana that allows you to save image to grafana and display it in dashboard

nixos-unstable 1.0.4
- nixpkgs-unstable 1.0.4
- nixos-unstable-small 1.0.4

pkgs.driversi686Linux.mesa-demos.x86_64-linux

Collection of demos and test programs for OpenGL and Mesa

nixos-unstable 9.0.0
- nixpkgs-unstable 9.0.0
- nixos-unstable-small 9.0.0
nixos-25.11 9.0.0
- nixos-25.11-small 9.0.0
- nixpkgs-25.11-darwin 9.0.0

Package maintainers

@K900 Ilya K. <me@0upti.me>
@vcunat Vladimír Čunát <v@cunat.cz>
@andersk Anders Kaseorg <andersk@mit.edu>
@drupol Pol Dellaiera <pol.dellaiera@protonmail.com>