Fluid Attacks Database

Description

Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 13	mesa	=25.0.7-2 \|\| =25.1.0-1 \|\| =25.1.5-1 \|\| =25.1.7-1 \|\| =25.2.0-1 \|\| =25.2.1-1 \|\| =25.2.1-2 \|\| =25.2.2-1 \|\| =25.2.3-1 \|\| =25.2.3-1~bpo13+1 \|\| =25.2.4-1 \|\| =25.2.4-1~bpo13+1 \|\| =25.2.4-1~bpo13+2 \|\| =25.2.5-1 \|\| =25.2.6-1 \|\| =25.2.6-1~bpo13+1 \|\| =25.2.7-1 \|\| =25.2.8-1 \|\| =25.2.8-2 \|\| =25.3.0-1 \|\| =25.3.0~rc1-1 \|\| =25.3.0~rc2-1 \|\| =25.3.0~rc4-1 \|\| =25.3.1-1 \|\| =25.3.2-1 \|\| =25.3.2-2 \|\| =25.3.3-1 \|\| =26.0.0-1 \|\| =26.0.0~rc3-1 \|\| =26.0.1-1 \|\| =26.0.1-2 \|\| =26.0.2-1 \|\| =26.0.3-1 \|\| =26.0.4-1 \|\| =26.0.5-1 \|\| =26.1.0~rc1-1 \|\| =26.1.0~rc2-1
debian 11	mesa	=20.3.5-1 \|\| =21.0.0-1 \|\| =21.0.0~rc2-1 \|\| =21.0.0~rc3-1 \|\| =21.0.0~rc4-1 \|\| =21.0.0~rc5-1 \|\| =21.0.1-1 \|\| =21.0.1-2 \|\| =21.0.2-1 \|\| =21.1.0-1 \|\| =21.1.0-2 \|\| =21.1.0-3 \|\| =21.1.0-4 \|\| =21.1.2-1 \|\| =21.1.4-1 \|\| =21.1.6-1 \|\| =21.2.0-1 \|\| =21.2.1-1 \|\| =21.2.1-2 \|\| =21.2.2-1 \|\| =21.2.2-1+riscv64 \|\| =21.2.3-1 \|\| =21.2.3-2 \|\| =21.2.4-1 \|\| =21.2.5-1 \|\| =21.2.6-1 \|\| =21.3.0~rc5-1 \|\| =21.3.3-1 \|\| =21.3.4-1 \|\| =21.3.5-1 \|\| =21.3.7-1 \|\| =21.3.8-1 \|\| =22.0.0-1 \|\| =22.0.0~rc2-1 \|\| =22.0.1-1 \|\| =22.0.1-2 \|\| =22.0.2-1 \|\| =22.0.3-1 \|\| =22.0.4-1 \|\| =22.0.5-1 \|\| =22.1.0-1 \|\| =22.1.0~rc3-1 \|\| =22.1.0~rc5-1 \|\| =22.1.3-1 \|\| =22.1.5-1 \|\| =22.2.0-1 \|\| =22.2.0~rc1-1 \|\| =22.2.0~rc2-1 \|\| =22.2.0~rc3-1 \|\| =22.2.0~rc3-1exp1 \|\| =22.2.0~rc3-2 \|\| =22.2.1-1 \|\| =22.2.2-1 \|\| =22.2.3-1 \|\| =22.2.4-1 \|\| =22.3.0-1 \|\| =22.3.0-2 \|\| =22.3.0-3 \|\| =22.3.0~rc1-1 \|\| =22.3.0~rc1-2 \|\| =22.3.0~rc1-3 \|\| =22.3.0~rc3-1 \|\| =22.3.0~rc4-1 \|\| =22.3.1-1 \|\| =22.3.2-1 \|\| =22.3.3-1 \|\| =22.3.4-1 \|\| =22.3.5-1 \|\| =22.3.6-1 \|\| =23.0.0-1 \|\| =23.0.0~rc1-1 \|\| =23.0.0~rc4-1 \|\| =23.0.1-1 \|\| =23.0.2-1 \|\| =23.1.0-1 \|\| =23.1.0~rc2-1 \|\| =23.1.0~rc3-1 \|\| =23.1.1-1 \|\| =23.1.2-1 \|\| =23.1.3-1 \|\| =23.1.4-1 \|\| =23.1.6-1 \|\| =23.1.7-1 \|\| =23.2.0~rc2-1 \|\| =23.2.0~rc3-1 \|\| =23.2.0~rc3-2 \|\| =23.2.0~rc3-3 \|\| =23.2.0~rc4-1 \|\| =23.2.1-1 \|\| =23.3.0-1 \|\| =23.3.0-2 \|\| =23.3.0~rc1-1 \|\| =23.3.0~rc2-1 \|\| =23.3.0~rc3-1 \|\| =23.3.0~rc4-1 \|\| =23.3.0~rc5-1 \|\| =23.3.1-1 \|\| =23.3.1-1+exp1 \|\| =23.3.1-2 \|\| =23.3.1-3 \|\| =23.3.1-4 \|\| =23.3.2-1 \|\| =23.3.2-2 \|\| =23.3.3-1 \|\| =23.3.3-2 \|\| =23.3.3-3 \|\| =23.3.4-1 \|\| =23.3.5-1 \|\| =24.0.0-1 \|\| =24.0.0-2 \|\| =24.0.0~rc1-1 \|\| =24.0.0~rc2-1 \|\| =24.0.0~rc3-1 \|\| =24.0.1-1 \|\| =24.0.2-1 \|\| =24.0.3-1 \|\| =24.0.4-1 \|\| =24.0.5-1 \|\| =24.0.6-1 \|\| =24.0.7-1 \|\| =24.0.8-1 \|\| =24.1.0-1 \|\| =24.1.0-2 \|\| =24.1.0~rc1-1 \|\| =24.1.0~rc2-1 \|\| =24.1.0~rc3-1 \|\| =24.1.1-1 \|\| =24.1.1-2 \|\| =24.1.2-1 \|\| =24.1.3-1 \|\| =24.1.3-2 \|\| =24.1.5-1 \|\| =24.1.5-2 \|\| =24.1.5-3 \|\| =24.1.6-1 \|\| =24.2.0-1 \|\| =24.2.0-2 \|\| =24.2.0~rc3-1 \|\| =24.2.0~rc3-2 \|\| =24.2.0~rc4-1 \|\| =24.2.1-1 \|\| =24.2.1-2 \|\| =24.2.1-3 \|\| =24.2.1-4 \|\| =24.2.2-1 \|\| =24.2.2-1+exp1 \|\| =24.2.2-1~bpo12+1 \|\| =24.2.3-1 \|\| =24.2.3-1+x32 \|\| =24.2.4-1 \|\| =24.2.4-1~bpo12+1 \|\| =24.2.6-1 \|\| =24.2.7-1 \|\| =24.2.8-1 \|\| =24.2.8-1~bpo12+1 \|\| =24.3.0-1 \|\| =24.3.0~rc1-1 \|\| =24.3.0~rc2-1 \|\| =24.3.3-1 \|\| =24.3.4-1 \|\| =24.3.4-2 \|\| =24.3.4-3 \|\| =25.0.0-1 \|\| =25.0.0~rc1-1 \|\| =25.0.0~rc1-2 \|\| =25.0.0~rc2-1 \|\| =25.0.0~rc3-1 \|\| =25.0.1-1 \|\| =25.0.1-2 \|\| =25.0.2-1 \|\| =25.0.3-1 \|\| =25.0.4-1 \|\| =25.0.4-1~bpo12+1 \|\| =25.0.5-1 \|\| =25.0.5-2 \|\| =25.0.7-1 \|\| =25.0.7-2 \|\| =25.0.7-2~bpo12+1 \|\| =25.1.0-1 \|\| =25.1.5-1 \|\| =25.1.7-1 \|\| =25.2.0-1 \|\| =25.2.1-1 \|\| =25.2.1-2 \|\| =25.2.2-1 \|\| =25.2.3-1 \|\| =25.2.3-1~bpo13+1 \|\| =25.2.4-1 \|\| =25.2.4-1~bpo13+1 \|\| =25.2.4-1~bpo13+2 \|\| =25.2.5-1 \|\| =25.2.6-1 \|\| =25.2.6-1~bpo13+1 \|\| =25.2.7-1 \|\| =25.2.8-1 \|\| =25.2.8-2 \|\| =25.3.0-1 \|\| =25.3.0~rc1-1 \|\| =25.3.0~rc2-1 \|\| =25.3.0~rc4-1 \|\| =25.3.1-1 \|\| =25.3.2-1 \|\| =25.3.2-2 \|\| =25.3.3-1 \|\| =26.0.0-1 \|\| =26.0.0~rc3-1 \|\| =26.0.1-1 \|\| =26.0.1-2 \|\| =26.0.2-1 \|\| =26.0.3-1 \|\| =26.0.4-1 \|\| =26.0.5-1 \|\| =26.1.0~rc1-1 \|\| =26.1.0~rc2-1
debian 12	mesa	=22.3.6-1+deb12u1 \|\| =23.0.0-1 \|\| =23.0.0~rc1-1 \|\| =23.0.0~rc4-1 \|\| =23.0.1-1 \|\| =23.0.2-1 \|\| =23.1.0-1 \|\| =23.1.0~rc2-1 \|\| =23.1.0~rc3-1 \|\| =23.1.1-1 \|\| =23.1.2-1 \|\| =23.1.3-1 \|\| =23.1.4-1 \|\| =23.1.6-1 \|\| =23.1.7-1 \|\| =23.2.0~rc2-1 \|\| =23.2.0~rc3-1 \|\| =23.2.0~rc3-2 \|\| =23.2.0~rc3-3 \|\| =23.2.0~rc4-1 \|\| =23.2.1-1 \|\| =23.3.0-1 \|\| =23.3.0-2 \|\| =23.3.0~rc1-1 \|\| =23.3.0~rc2-1 \|\| =23.3.0~rc3-1 \|\| =23.3.0~rc4-1 \|\| =23.3.0~rc5-1 \|\| =23.3.1-1 \|\| =23.3.1-1+exp1 \|\| =23.3.1-2 \|\| =23.3.1-3 \|\| =23.3.1-4 \|\| =23.3.2-1 \|\| =23.3.2-2 \|\| =23.3.3-1 \|\| =23.3.3-2 \|\| =23.3.3-3 \|\| =23.3.4-1 \|\| =23.3.5-1 \|\| =24.0.0-1 \|\| =24.0.0-2 \|\| =24.0.0~rc1-1 \|\| =24.0.0~rc2-1 \|\| =24.0.0~rc3-1 \|\| =24.0.1-1 \|\| =24.0.2-1 \|\| =24.0.3-1 \|\| =24.0.4-1 \|\| =24.0.5-1 \|\| =24.0.6-1 \|\| =24.0.7-1 \|\| =24.0.8-1 \|\| =24.1.0-1 \|\| =24.1.0-2 \|\| =24.1.0~rc1-1 \|\| =24.1.0~rc2-1 \|\| =24.1.0~rc3-1 \|\| =24.1.1-1 \|\| =24.1.1-2 \|\| =24.1.2-1 \|\| =24.1.3-1 \|\| =24.1.3-2 \|\| =24.1.5-1 \|\| =24.1.5-2 \|\| =24.1.5-3 \|\| =24.1.6-1 \|\| =24.2.0-1 \|\| =24.2.0-2 \|\| =24.2.0~rc3-1 \|\| =24.2.0~rc3-2 \|\| =24.2.0~rc4-1 \|\| =24.2.1-1 \|\| =24.2.1-2 \|\| =24.2.1-3 \|\| =24.2.1-4 \|\| =24.2.2-1 \|\| =24.2.2-1+exp1 \|\| =24.2.2-1~bpo12+1 \|\| =24.2.3-1 \|\| =24.2.3-1+x32 \|\| =24.2.4-1 \|\| =24.2.4-1~bpo12+1 \|\| =24.2.6-1 \|\| =24.2.7-1 \|\| =24.2.8-1 \|\| =24.2.8-1~bpo12+1 \|\| =24.3.0-1 \|\| =24.3.0~rc1-1 \|\| =24.3.0~rc2-1 \|\| =24.3.3-1 \|\| =24.3.4-1 \|\| =24.3.4-2 \|\| =24.3.4-3 \|\| =25.0.0-1 \|\| =25.0.0~rc1-1 \|\| =25.0.0~rc1-2 \|\| =25.0.0~rc2-1 \|\| =25.0.0~rc3-1 \|\| =25.0.1-1 \|\| =25.0.1-2 \|\| =25.0.2-1 \|\| =25.0.3-1 \|\| =25.0.4-1 \|\| =25.0.4-1~bpo12+1 \|\| =25.0.5-1 \|\| =25.0.5-2 \|\| =25.0.7-1 \|\| =25.0.7-2 \|\| =25.0.7-2~bpo12+1 \|\| =25.1.0-1 \|\| =25.1.5-1 \|\| =25.1.7-1 \|\| =25.2.0-1 \|\| =25.2.1-1 \|\| =25.2.1-2 \|\| =25.2.2-1 \|\| =25.2.3-1 \|\| =25.2.3-1~bpo13+1 \|\| =25.2.4-1 \|\| =25.2.4-1~bpo13+1 \|\| =25.2.4-1~bpo13+2 \|\| =25.2.5-1 \|\| =25.2.6-1 \|\| =25.2.6-1~bpo13+1 \|\| =25.2.7-1 \|\| =25.2.8-1 \|\| =25.2.8-2 \|\| =25.3.0-1 \|\| =25.3.0~rc1-1 \|\| =25.3.0~rc2-1 \|\| =25.3.0~rc4-1 \|\| =25.3.1-1 \|\| =25.3.2-1 \|\| =25.3.2-2 \|\| =25.3.3-1 \|\| =26.0.0-1 \|\| =26.0.0~rc3-1 \|\| =26.0.1-1 \|\| =26.0.1-2 \|\| =26.0.2-1 \|\| =26.0.3-1 \|\| =26.0.4-1 \|\| =26.0.5-1 \|\| =26.1.0~rc1-1 \|\| =26.1.0~rc2-1
debian 14	mesa	=25.0.7-2 \|\| =25.1.0-1 \|\| =25.1.5-1 \|\| =25.1.7-1 \|\| =25.2.0-1 \|\| =25.2.1-1 \|\| =25.2.1-2 \|\| =25.2.2-1 \|\| =25.2.3-1 \|\| =25.2.3-1~bpo13+1 \|\| =25.2.4-1 \|\| =25.2.4-1~bpo13+1 \|\| =25.2.4-1~bpo13+2 \|\| =25.2.5-1 \|\| =25.2.6-1 \|\| =25.2.6-1~bpo13+1 \|\| =25.2.7-1 \|\| =25.2.8-1 \|\| =25.2.8-2 \|\| =25.3.0-1 \|\| =25.3.0~rc1-1 \|\| =25.3.0~rc2-1 \|\| =25.3.0~rc4-1 \|\| =25.3.1-1 \|\| =25.3.2-1 \|\| =25.3.2-2 \|\| =25.3.3-1 \|\| =26.0.0-1 \|\| =26.0.0~rc3-1 \|\| =26.0.1-1 \|\| =26.0.1-2 \|\| =26.0.2-1 \|\| =26.0.3-1 \|\| =26.0.4-1 \|\| =26.0.5-1 \|\| =26.1.0~rc1-1 \|\| =26.1.0~rc2-1

Aliases

1. CVE-2023-459132. NVD-2023-459133. OSV-DEBIAN-2023-459134. OSV-2023-459135. SECURITY-TRACKER-CVE-2023-45913

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.