CVE-2026-41054 PUBLISHED

Missing exit out of permission check in haveged could lead to root exploit

Assigner: suse
Reserved: 16.04.2026 Published: 20.05.2026 Updated: 20.05.2026

In src/havegecmd.c, the socket_handler function performs a credential check on the abstract UNIX socket (\0/sys/entropy/haveged). However, while it detects if the connecting user is not root (cred.uid != 0) and prepares a negative acknowledgement (ASCII_NAK), it fails to stop execution. The code proceeds to the switch statement, allowing any local unprivileged user to execute privileged commands such as MAGIC_CHROOT.
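The control-flow error described above, reduced to a small model with the flawed and corrected handler side by side. This is an added example, not code from haveged: the function names, the `struct result` type and the numeric value given to MAGIC_CHROOT are assumptions made for the sketch, and the peer uid is passed in directly instead of being read from the socket.

```c
#include <stdio.h>
#include <sys/types.h>

#define ASCII_ACK    0x06
#define ASCII_NAK    0x15
#define MAGIC_CHROOT 'R'          /* constructed value for this sketch */

struct result {
    int reply;                    /* byte the handler would send back */
    int privileged;               /* 1 if a privileged command body ran */
};

/* Hypothetical stand-in for the privileged action behind MAGIC_CHROOT. */
static void do_chroot(struct result *r) { r->privileged = 1; }

/* Flawed flow: the uid check prepares a NAK but does not leave the function. */
struct result handler_flawed(uid_t peer_uid, int cmd)
{
    struct result r = { ASCII_ACK, 0 };
    if (peer_uid != 0)
        r.reply = ASCII_NAK;      /* missing return: execution continues */
    switch (cmd) {
    case MAGIC_CHROOT: do_chroot(&r); break;
    default:           r.reply = ASCII_NAK; break;
    }
    return r;
}

/* Corrected flow: deny by default and return before any command dispatch. */
struct result handler_fixed(uid_t peer_uid, int cmd)
{
    struct result r = { ASCII_NAK, 0 };
    if (peer_uid != 0)
        return r;                 /* caller sends the NAK and closes */
    switch (cmd) {
    case MAGIC_CHROOT: do_chroot(&r); r.reply = ASCII_ACK; break;
    default:           break;     /* unknown command keeps the NAK */
    }
    return r;
}

int main(void)
{
    struct result a = handler_flawed(1000, MAGIC_CHROOT);
    struct result b = handler_fixed(1000, MAGIC_CHROOT);
    printf("flawed: reply=0x%02x privileged=%d\n", a.reply, a.privileged);
    printf("fixed:  reply=0x%02x privileged=%d\n", b.reply, b.privileged);
    return 0;
}
```

In the flawed model an unprivileged caller receives a NAK while the command body has already run, so the reply byte alone says nothing about whether the request was actually denied.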

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.8

Product Status

Vendor SUSE
Product Container suse/sle-micro-rancher/5.3:latest
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product Container suse/sle-micro-rancher/5.4:latest
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product Container suse/sle-micro/5.5:latest
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product Image SLES15-SP4-SAP-BYOS
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product Image SLES15-SP4-SAP-BYOS-Azure
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product Image SLES15-SP4-SAP-BYOS-EC2
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product Image SLES15-SP4-SAP-BYOS-GCE
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product Image SLES15-SP4-SAP-Hardened
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product Image SLES15-SP4-SAP-Hardened-BYOS
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product Image SLES15-SP4-SAP-Hardened-BYOS-Azure
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product Image SLES15-SP4-SAP-Hardened-BYOS-EC2
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product Image SLES15-SP4-SAP-Hardened-BYOS-GCE
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product Image SLES15-SP4-SAP-Hardened-GCE
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise Desktop 15 SP7
Versions Default: unaffected
  • affected from ? to 1.9.14-150600.11.6.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise High Performance Computing 15 SP7
Versions Default: unaffected
  • affected from ? to 1.9.14-150600.11.6.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise Module for Basesystem 15 SP7
Versions Default: unaffected
  • affected from ? to 1.9.14-150600.11.6.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise Server 15 SP7
Versions Default: unaffected
  • affected from ? to 1.9.14-150600.11.6.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise Server for SAP Applications 15 SP7
Versions Default: unaffected
  • affected from ? to 1.9.14-150600.11.6.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise Micro 5.3
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise Micro 5.4
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise Micro 5.5
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise Server 15 SP4-LTSS
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise Server 15 SP5-LTSS
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise Server 15 SP6-LTSS
Versions Default: unaffected
  • affected from ? to 1.9.14-150600.11.6.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise Server for SAP Applications 15 SP4
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise Server for SAP Applications 15 SP5
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product SUSE Linux Enterprise Server for SAP Applications 15 SP6
Versions Default: unaffected
  • affected from ? to 1.9.14-150600.11.6.1 (excl.)
Vendor SUSE
Product SUSE Manager Proxy LTS 4.3
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product SUSE Manager Retail Branch Server LTS 4.3
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)
Vendor SUSE
Product SUSE Manager Server LTS 4.3
Versions Default: unaffected
  • affected from ? to 1.9.14-150400.3.11.1 (excl.)

Credits

  • Dirk Mueller of SUSE (finder)

References

Problem Types

  • CWE-305: Authentication Bypass by Primary Weakness