LAYER: meta PACKAGE NAME: mesa-native PACKAGE VERSION: 2_24.0.7 CVE: CVE-2001-0474 CVE STATUS: Patched CVE SUMMARY: Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0474 LAYER: meta PACKAGE NAME: mesa-native PACKAGE VERSION: 2_24.0.7 CVE: CVE-2013-1872 CVE STATUS: Patched CVE SUMMARY: The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1872 LAYER: meta PACKAGE NAME: mesa-native PACKAGE VERSION: 2_24.0.7 CVE: CVE-2013-1993 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1993 LAYER: meta PACKAGE NAME: mesa-native PACKAGE VERSION: 2_24.0.7 CVE: CVE-2019-5068 CVE STATUS: Patched CVE SUMMARY: An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 5.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5068 LAYER: meta PACKAGE NAME: mesa-native PACKAGE VERSION: 2_24.0.7 CVE: CVE-2023-45913 CVE STATUS: Patched CVE SUMMARY: Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-45913 LAYER: meta PACKAGE NAME: mesa-native PACKAGE VERSION: 2_24.0.7 CVE: CVE-2023-45919 CVE STATUS: Patched CVE SUMMARY: Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-45919 LAYER: meta PACKAGE NAME: mesa-native PACKAGE VERSION: 2_24.0.7 CVE: CVE-2023-45922 CVE STATUS: Patched CVE SUMMARY: glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-45922 LAYER: meta PACKAGE NAME: mesa-native PACKAGE VERSION: 2_24.0.7 CVE: CVE-2023-45931 CVE STATUS: Patched CVE SUMMARY: Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-45931