36 matches found
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : haveged vulnerability (USN-8358-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8358-1 advisory. It was discovered that haveged incorrectly handled credential checks on its control socket. A local attacker could possibly use th...
[SECURITY] Fedora 44 Update: haveged-1.9.22-1.fc44
A Linux entropy source using the HAVEGE algorithm. Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction, e.g. headless server...
Fedora 44 : haveged (2026-02b08daa05)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-02b08daa05 advisory. Update to 1.9.22; fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation. Backport fix for CVE-2026-41054: privilege escalation via command...
[SECURITY] [DLA 4616-1] haveged security update
Debian LTS Advisory DLA-4616-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz June 05, 2026 https://wiki.debian.org/LTS ...
Debian dla-4616 : haveged - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4616 advisory. Debian LTS Advisory DLA-4616-1 [email protected] https://www.debian.org/lts/security/...
USN-8358-1: haveged vulnerability
It was discovered that haveged incorrectly handled credential checks on its control socket. A local attacker could possibly use this issue to execute privileged commands...
USN-8358-1 haveged vulnerability
It was discovered that haveged incorrectly handled credential checks on its control socket. A local attacker could possibly use this issue to execute privileged commands...
[SECURITY] Fedora 43 Update: haveged-1.9.22-1.fc43
A Linux entropy source using the HAVEGE algorithm. Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction, e.g. headless server...
Fedora 43 : haveged (2026-5d9b0e2c17)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5d9b0e2c17 advisory. Update to 1.9.22; fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation. Backport fix for CVE-2026-41054: privilege escalation via...
[SECURITY] Fedora 44 Update: haveged-1.9.21-1.fc44
A Linux entropy source using the HAVEGE algorithm. Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction, e.g. headless server...
Fedora 44 : haveged (2026-12643837bd)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-12643837bd advisory. Backport fix for CVE-2026-41054: privilege escalation via command socket. Tenable has extracted the preceding description block directly from the Fedora...
CVE-2026-41054 affecting package haveged for versions less than 1.9.22-1
CVE-2026-41054 affecting package haveged for versions less than 1.9.22-1. An upgraded version of the package is available that resolves this issue...
Debian dsa-6292 : haveged - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6292 advisory. Debian Security Advisory DSA-6292-1 [email protected] https://www.debian.org/security/...
Missing exit out of permission check in haveged could lead to root exploit
...
[SECURITY] [DSA 6292-1] haveged security update
Debian Security Advisory DSA-6292-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq ...
OPENSUSE-SU-2026:10833-1 haveged-1.9.21-1.1 on GA media
These are all security issues fixed in the haveged-1.9.21-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-41054
A flaw was found in haveged. The sockethandler function, responsible for handling connections to the abstract UNIX socket, incorrectly proceeds with execution even after detecting that a connecting user is not root. This oversight allows a local unprivileged user to bypass security checks and...
ALPINE-CVE-2026-41054
In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root (cred.uid != 0) and prepares a negative acknowledgement (ASCIINAK), it fails to stop execution. The code proceeds...
CVE-2026-41054
In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root (cred.uid != 0) and prepares a negative acknowledgement (ASCIINAK), it fails to stop execution. The code proceeds...
CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit
In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root (cred.uid != 0) and prepares a negative acknowledgement (ASCIINAK), it fails to stop execution. The code proceeds...