Dismissed
Permalink
CVE-2026-29075
8.3 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): LOW
by @mweinelt Activity log
- Created automatic suggestion
-
@mweinelt
removed
9 packages
- mesa
- libGLX
- libgbm
- mesa-demos
- mesa-gl-headers
- mesa_i686.x86_64-linux
- driversi686Linux.mesa.x86_64-linux
- grafanaPlugins.mesak-imagesave-panel
- driversi686Linux.mesa-demos.x86_64-linux
- @mweinelt dismissed
Mesa: Checking out of untrusted code in `benchmarks.yml` workflow may lead to code execution in privileged runner
Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commit c35b8cd.
References
- https://github.com/mesa/mesa/security/advisories/GHSA-3j55-5q6x-2h48 x_refsource_CONFIRM
- https://github.com/mesa/mesa/commit/c35b8cd67fc89dd680ae218e49b77f6e1ee07a27 x_refsource_MISC
Affected products
mesa
- ==<= 3.5.0
Ignored packages (9)
pkgs.mesa
Open source 3D graphics library
pkgs.libGLX
Open source 3D graphics library
pkgs.libgbm
Open source 3D graphics library
pkgs.mesa-demos
Collection of demos and test programs for OpenGL and Mesa
pkgs.mesa-gl-headers
Open source 3D graphics library
pkgs.mesa_i686.x86_64-linux
Open source 3D graphics library
pkgs.driversi686Linux.mesa.x86_64-linux
Open source 3D graphics library
pkgs.grafanaPlugins.mesak-imagesave-panel
Plugin for Grafana that allows you to save image to grafana and display it in dashboard