CVE-2026-41054

HIGH

Missing exit out of permission check in haveged could lead to root exploit

Title source: cna
STIX 2.1

Description

In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.

References (7)

Core 7

Scores

CVSS v3 7.8
EPSS 0.0000
EPSS Percentile 0.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-305
Status published
Products (34)
SUSE/Container suse/sle-micro-rancher/5.3:latest ? - 1.9.14-150400.3.11.1
SUSE/Container suse/sle-micro-rancher/5.4:latest ? - 1.9.14-150400.3.11.1
SUSE/Container suse/sle-micro/5.5:latest ? - 1.9.14-150400.3.11.1
SUSE/Image SLES15-SP4-SAP-BYOS ? - 1.9.14-150400.3.11.1
SUSE/Image SLES15-SP4-SAP-BYOS-Azure ? - 1.9.14-150400.3.11.1
SUSE/Image SLES15-SP4-SAP-BYOS-EC2 ? - 1.9.14-150400.3.11.1
SUSE/Image SLES15-SP4-SAP-BYOS-GCE ? - 1.9.14-150400.3.11.1
SUSE/Image SLES15-SP4-SAP-Hardened ? - 1.9.14-150400.3.11.1
SUSE/Image SLES15-SP4-SAP-Hardened-BYOS ? - 1.9.14-150400.3.11.1
SUSE/Image SLES15-SP4-SAP-Hardened-BYOS-Azure ? - 1.9.14-150400.3.11.1
... and 24 more
Published May 20, 2026
Tracked Since May 20, 2026