Amazon Linux 2 Security Advisory: ALAS2-2026-3330
Advisory Released Date: 2026-06-08
Advisory Updated Date: 2026-06-08
Severity:
Important
Issue Overview:
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca. (CVE-2026-40393)
Affected Packages:
mesa
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update mesa or yum update --advisory ALAS2-2026-3330 to update your system.
New Packages:
aarch64:
mesa-libGL-18.3.4-5.amzn2.0.2.aarch64
mesa-libEGL-18.3.4-5.amzn2.0.2.aarch64
mesa-libGLES-18.3.4-5.amzn2.0.2.aarch64
mesa-filesystem-18.3.4-5.amzn2.0.2.aarch64
mesa-khr-devel-18.3.4-5.amzn2.0.2.aarch64
mesa-dri-drivers-18.3.4-5.amzn2.0.2.aarch64
mesa-vdpau-drivers-18.3.4-5.amzn2.0.2.aarch64
mesa-libGL-devel-18.3.4-5.amzn2.0.2.aarch64
mesa-libEGL-devel-18.3.4-5.amzn2.0.2.aarch64
mesa-libGLES-devel-18.3.4-5.amzn2.0.2.aarch64
mesa-libOSMesa-18.3.4-5.amzn2.0.2.aarch64
mesa-libOSMesa-devel-18.3.4-5.amzn2.0.2.aarch64
mesa-libgbm-18.3.4-5.amzn2.0.2.aarch64
mesa-libgbm-devel-18.3.4-5.amzn2.0.2.aarch64
mesa-libglapi-18.3.4-5.amzn2.0.2.aarch64
mesa-debuginfo-18.3.4-5.amzn2.0.2.aarch64
i686:
mesa-libGL-18.3.4-5.amzn2.0.2.i686
mesa-libEGL-18.3.4-5.amzn2.0.2.i686
mesa-libGLES-18.3.4-5.amzn2.0.2.i686
mesa-filesystem-18.3.4-5.amzn2.0.2.i686
mesa-khr-devel-18.3.4-5.amzn2.0.2.i686
mesa-dri-drivers-18.3.4-5.amzn2.0.2.i686
mesa-vdpau-drivers-18.3.4-5.amzn2.0.2.i686
mesa-libGL-devel-18.3.4-5.amzn2.0.2.i686
mesa-libEGL-devel-18.3.4-5.amzn2.0.2.i686
mesa-libGLES-devel-18.3.4-5.amzn2.0.2.i686
mesa-libOSMesa-18.3.4-5.amzn2.0.2.i686
mesa-libOSMesa-devel-18.3.4-5.amzn2.0.2.i686
mesa-libgbm-18.3.4-5.amzn2.0.2.i686
mesa-libgbm-devel-18.3.4-5.amzn2.0.2.i686
mesa-libxatracker-18.3.4-5.amzn2.0.2.i686
mesa-libxatracker-devel-18.3.4-5.amzn2.0.2.i686
mesa-libglapi-18.3.4-5.amzn2.0.2.i686
mesa-vulkan-drivers-18.3.4-5.amzn2.0.2.i686
mesa-debuginfo-18.3.4-5.amzn2.0.2.i686
src:
mesa-18.3.4-5.amzn2.0.2.src
x86_64:
mesa-libGL-18.3.4-5.amzn2.0.2.x86_64
mesa-libEGL-18.3.4-5.amzn2.0.2.x86_64
mesa-libGLES-18.3.4-5.amzn2.0.2.x86_64
mesa-filesystem-18.3.4-5.amzn2.0.2.x86_64
mesa-khr-devel-18.3.4-5.amzn2.0.2.x86_64
mesa-dri-drivers-18.3.4-5.amzn2.0.2.x86_64
mesa-vdpau-drivers-18.3.4-5.amzn2.0.2.x86_64
mesa-libGL-devel-18.3.4-5.amzn2.0.2.x86_64
mesa-libEGL-devel-18.3.4-5.amzn2.0.2.x86_64
mesa-libGLES-devel-18.3.4-5.amzn2.0.2.x86_64
mesa-libOSMesa-18.3.4-5.amzn2.0.2.x86_64
mesa-libOSMesa-devel-18.3.4-5.amzn2.0.2.x86_64
mesa-libgbm-18.3.4-5.amzn2.0.2.x86_64
mesa-libgbm-devel-18.3.4-5.amzn2.0.2.x86_64
mesa-libxatracker-18.3.4-5.amzn2.0.2.x86_64
mesa-libxatracker-devel-18.3.4-5.amzn2.0.2.x86_64
mesa-libglapi-18.3.4-5.amzn2.0.2.x86_64
mesa-vulkan-drivers-18.3.4-5.amzn2.0.2.x86_64
mesa-debuginfo-18.3.4-5.amzn2.0.2.x86_64