
8 matches found

NVD
added 2026/05/20 10:16 a.m., 12 views

CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root (cred.uid != 0) and prepares a negative acknowledgement (ASCIINAK), it fails to stop execution. The code proceeds...

CVSS 7.8, EPSS 0.00185
Exploits: 0, References: 8
UbuntuCve
added 2026/05/20 10:16 a.m., 6 views

CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root (cred.uid != 0) and prepares a negative acknowledgement (ASCIINAK), it fails to stop execution. The code proceeds...

CVSS 7.8, AI score 6, EPSS 0.00185
Exploits: 0, References: 8
OSV
added 2026/05/20 10:16 a.m., 4 views

UBUNTU-CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root (cred.uid != 0) and prepares a negative acknowledgement (ASCIINAK), it fails to stop execution. The code proceeds...

CVSS 7.8, AI score 6, EPSS 0.00185
Exploits: 0, References: 9
Cvelist
added 2026/05/20 8:56 a.m., 37 views

CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root (cred.uid != 0) and prepares a negative acknowledgement (ASCIINAK), it fails to stop execution. The code proceeds...

CVSS 7.8, EPSS 0.00185
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/20 8:56 a.m., 11 views

CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root (cred.uid != 0) and prepares a negative acknowledgement (ASCIINAK), it fails to stop execution. The code proceeds...

CVSS 7.8, AI score 6, EPSS 0.00185
Exploits: 0, References: 2
AlpineLinux
added 2026/05/20 8:56 a.m., 7 views

CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root (cred.uid != 0) and prepares a negative acknowledgement (ASCIINAK), it fails to stop execution. The code proceeds...

CVSS 7.8, AI score 6, EPSS 0.00185
Exploits: 0
CVE
added 2026/05/20 8:56 a.m., 163 views

CVE-2026-41054

CVE-2026-41054 affects haveged. In haveged’s source havegecmd.c, socket_handler checks the caller via an abstract UNIX socket and returns a negative acknowledgment for non-root users, but execution is not halted, enabling a local unprivileged user to reach privileged actions (e.g., MAGIC_CHROOT)....

CVSS 7.8, AI score 6, EPSS 0.00185
Exploits: 0, References: 8
CNNVD
added 2026/05/20 12:0 a.m., 9 views

haveged security vulnerability

Haveged is a random number generation tool developed by Jirka-H. Haveged has a security vulnerability; this vulnerability stems from the sockethandler function not stopping its execution when it detects that the connection user is not a root user. This allows any local non-privileged user to...

CVSS 7.8, AI score 6, EPSS 0.00185
Exploits: 0, References: 3