Security update for Mesa SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20082-1 Final 1 1 2025-02-03T09:06:42Z current 2025-02-03T09:06:42Z 2025-02-03T09:06:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Mesa This update for Mesa fixes the following issues: - CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040). - CVE-2023-45919: Fixed buffer over-read in glXQueryServerString() (bsc#1222041). - CVE-2023-45922: Fixed segmentation violation in __glXGetDrawableAttribute() (bsc#1222042). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-144 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520082-1/ Link for SUSE-SU-2025:20082-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021233.html E-Mail link for SUSE-SU-2025:20082-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1222040 SUSE Bug 1222040 https://bugzilla.suse.com/1222041 SUSE Bug 1222041 https://bugzilla.suse.com/1222042 SUSE Bug 1222042 https://www.suse.com/security/cve/CVE-2023-45913/ SUSE CVE CVE-2023-45913 page https://www.suse.com/security/cve/CVE-2023-45919/ SUSE CVE CVE-2023-45919 page https://www.suse.com/security/cve/CVE-2023-45922/ SUSE CVE CVE-2023-45922 page SUSE Linux Micro 6.0 Mesa-23.3.4-8.1 Mesa-dri-23.3.4-8.1 Mesa-gallium-23.3.4-8.1 Mesa-libEGL1-23.3.4-8.1 Mesa-libGL1-23.3.4-8.1 Mesa-libglapi0-23.3.4-8.1 libgbm1-23.3.4-8.1 Mesa-23.3.4-8.1 as a component of SUSE Linux Micro 6.0 Mesa-dri-23.3.4-8.1 as a component of SUSE Linux Micro 6.0 Mesa-gallium-23.3.4-8.1 as a component of SUSE Linux Micro 6.0 Mesa-libEGL1-23.3.4-8.1 as a component of SUSE Linux Micro 6.0 Mesa-libGL1-23.3.4-8.1 as a component of SUSE Linux Micro 6.0 Mesa-libglapi0-23.3.4-8.1 as a component of SUSE Linux Micro 6.0 libgbm1-23.3.4-8.1 as a component of SUSE Linux Micro 6.0 ** DISPUTED ** Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated. CVE-2023-45913 SUSE Linux Micro 6.0:Mesa-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-dri-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-gallium-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-libEGL1-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-libGL1-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-libglapi0-23.3.4-8.1 SUSE Linux Micro 6.0:libgbm1-23.3.4-8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520082-1/ https://www.suse.com/security/cve/CVE-2023-45913.html CVE-2023-45913 https://bugzilla.suse.com/1222040 SUSE Bug 1222040 ** DISPUTED ** Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. CVE-2023-45919 SUSE Linux Micro 6.0:Mesa-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-dri-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-gallium-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-libEGL1-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-libGL1-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-libglapi0-23.3.4-8.1 SUSE Linux Micro 6.0:libgbm1-23.3.4-8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520082-1/ https://www.suse.com/security/cve/CVE-2023-45919.html CVE-2023-45919 https://bugzilla.suse.com/1222041 SUSE Bug 1222041 ** DISPUTED ** glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. CVE-2023-45922 SUSE Linux Micro 6.0:Mesa-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-dri-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-gallium-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-libEGL1-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-libGL1-23.3.4-8.1 SUSE Linux Micro 6.0:Mesa-libglapi0-23.3.4-8.1 SUSE Linux Micro 6.0:libgbm1-23.3.4-8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520082-1/ https://www.suse.com/security/cve/CVE-2023-45922.html CVE-2023-45922 https://bugzilla.suse.com/1222042 SUSE Bug 1222042