Skip to main content

haveged CVE-2026-41054

| EUVDEUVD-2026-31076 HIGH
Authentication Bypass by Primary Weakness (CWE-305)
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
May 20, 2026 - 10:22 vuln.today
CVSS changed
May 20, 2026 - 10:22 NVD
7.8 (HIGH)
CVE Published
May 20, 2026 - 00:45 nvd
UNKNOWN (no severity yet)

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

Local privilege escalation in haveged (HArdware Volatile Entropy Gathering and Expansion Daemon) allows authenticated low-privileged users to escalate to root via the daemon's command socket, which is affected by missing authentication for a critical function (CWE-305). The flaw was disclosed on the oss-security mailing list on 2026-05-20 by Jiri Hladky, with vendor patches available from SUSE and tracking in Debian (bug#1137096); no public exploit identified at time of analysis.

Technical ContextAI

haveged is an entropy-gathering daemon used on Linux systems to feed /dev/random with high-quality randomness by harvesting hardware volatile state via the HAVEGE algorithm. The daemon exposes a local command socket for runtime control, and the root cause is mapped to CWE-305 (Authentication Bypass by Primary Weakness / Missing Authentication for Critical Function), meaning the socket does not properly authenticate the caller before honoring privileged commands. Because haveged typically runs as root to write to kernel entropy interfaces, any command-channel weakness becomes a direct path from a local foothold to full root.

RemediationAI

Apply the vendor-released haveged packages: SUSE users should install the updates referenced in SUSE-SU-2026:2008 (https://www.suse.com/support/update/SUSE-SU-2026:2008/) and SUSE-SU-2026:2009 (https://www.suse.com/support/update/SUSE-SU-2026:2009/), and Debian users should track and install the fix from bug#1137096 once their release receives it; other distributions should pull the corresponding rebuilt package referenced by the upstream oss-security disclosure at https://www.openwall.com/lists/oss-security/2026/05/20. Exact fixed upstream version numbers were not provided in the input data, so administrators should pin to the package version named in their distribution advisory rather than an invented release tag. If patching must be deferred, compensating controls include stopping the haveged service on hosts where modern kernels (5.6+) already provide jitterentropy and haveged is redundant (trade-off: re-evaluate entropy posture on older kernels or FIPS-constrained systems), or tightening filesystem permissions and SELinux/AppArmor policy around the haveged command socket to deny access from non-root UIDs (trade-off: may break legitimate management tooling that talks to the socket).

Vendor StatusVendor

Debian

Bug #1137096
haveged
Release Status Fixed Version Urgency
bookworm, bullseye vulnerable 1.9.14-1 -
trixie vulnerable 1.9.19-12 -
forky vulnerable 1.9.20-1 -
sid fixed 1.9.21-1 -
(unstable) fixed 1.9.21-1 -

SUSE

Severity: High
Product Status
Container suse/sle-micro-rancher/5.3:latest Container suse/sle-micro-rancher/5.4:latest Container suse/sle-micro/5.5:latest Image SLES15-SP4-SAP-BYOS Image SLES15-SP4-SAP-BYOS-Azure Image SLES15-SP4-SAP-BYOS-EC2 Image SLES15-SP4-SAP-BYOS-GCE Image SLES15-SP4-SAP-Hardened Image SLES15-SP4-SAP-Hardened-BYOS Image SLES15-SP4-SAP-Hardened-BYOS-Azure Image SLES15-SP4-SAP-Hardened-BYOS-EC2 Image SLES15-SP4-SAP-Hardened-BYOS-GCE Image SLES15-SP4-SAP-Hardened-GCE Affected
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Fixed

Share

CVE-2026-41054 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy