CVE-2026-41054

EUVD-2026-31076
In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.8 HIGH | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
NVD status: Awaiting analysis. This vulnerability is currently awaiting analysis.
Base score: CVSS 3.x
EPSS score: Percentile 8%
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| haveged | bookworm | | vulnerable |
| haveged | bookworm (security) | 1.9.14-1+deb12u1 | fixed |
| haveged | bullseye | | vulnerable |
| haveged | bullseye (security) | 1.9.14-1+deb11u1 | fixed |
| haveged | forky | 1.9.26-1 | fixed |
| haveged | sid | 1.9.26-1 | fixed |
| haveged | trixie | | vulnerable |
| haveged | trixie (security) | 1.9.19-12+deb13u1 | fixed |
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| haveged | suse enterprise desktop 15 SP7 | 1.9.14-150600.11.6.1 | fixed |
| haveged | suse enterprise sap 15 SP4 | 1.9.14-150400.3.11.1 | fixed |
| haveged | suse enterprise sap 15 SP5 | 1.9.14-150400.3.11.1 | fixed |
| haveged | suse enterprise sap 15 SP7 | 1.9.14-150600.11.6.1 | fixed |
| haveged | suse enterprise server 15 SP4 | 1.9.14-150400.3.11.1 | fixed |
| haveged | suse enterprise server 15 SP5 | 1.9.14-150400.3.11.1 | fixed |
| haveged | suse enterprise server 15 SP6 | 1.9.14-150600.11.6.1 | fixed |
| haveged | suse enterprise server 15 SP7 | 1.9.14-150600.11.6.1 | fixed |
| haveged-devel | suse enterprise desktop 15 SP7 | 1.9.14-150600.11.6.1 | fixed |
| haveged-devel | suse enterprise sap 15 SP4 | 1.9.14-150400.3.11.1 | fixed |
| haveged-devel | suse enterprise sap 15 SP5 | 1.9.14-150400.3.11.1 | fixed |
| haveged-devel | suse enterprise sap 15 SP7 | 1.9.14-150600.11.6.1 | fixed |
| haveged-devel | suse enterprise server 15 SP4 | 1.9.14-150400.3.11.1 | fixed |
| haveged-devel | suse enterprise server 15 SP5 | 1.9.14-150400.3.11.1 | fixed |
| haveged-devel | suse enterprise server 15 SP6 | 1.9.14-150600.11.6.1 | fixed |
| haveged-devel | suse enterprise server 15 SP7 | 1.9.14-150600.11.6.1 | fixed |
| libhavege2 | suse enterprise desktop 15 SP7 | 1.9.14-150600.11.6.1 | fixed |
| libhavege2 | suse enterprise sap 15 SP4 | 1.9.14-150400.3.11.1 | fixed |
| libhavege2 | suse enterprise sap 15 SP5 | 1.9.14-150400.3.11.1 | fixed |
| libhavege2 | suse enterprise sap 15 SP7 | 1.9.14-150600.11.6.1 | fixed |
| libhavege2 | suse enterprise server 15 SP4 | 1.9.14-150400.3.11.1 | fixed |
| libhavege2 | suse enterprise server 15 SP5 | 1.9.14-150400.3.11.1 | fixed |
| libhavege2 | suse enterprise server 15 SP6 | 1.9.14-150600.11.6.1 | fixed |
| libhavege2 | suse enterprise server 15 SP7 | 1.9.14-150600.11.6.1 | fixed |
Azure Linux Releases

| Azure Package | Release | Version | Status |
|---|---|---|---|
| haveged | Azure Linux 3.0 | 0:1.9.22-1.azl3 | fixed |