CVE-2026-41054— Missing exit out of permission check in haveged could lead to root exploit
Possible ATT&CK Techniques 2AI
T1548 · Abuse Elevation Control Mechanism T1068 · Exploitation for Privilege EscalationAffected Version Matrix 86
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SUSE | Container suse/sle-micro-rancher/5.3:latest | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | Container suse/sle-micro-rancher/5.4:latest | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | Container suse/sle-micro/5.5:latest | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | Image SLES15-SP4-SAP-BYOS | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | Image SLES15-SP4-SAP-BYOS-Azure | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | Image SLES15-SP4-SAP-BYOS-EC2 | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | Image SLES15-SP4-SAP-BYOS-GCE | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | Image SLES15-SP4-SAP-Hardened | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | Image SLES15-SP4-SAP-Hardened-BYOS | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | Image SLES15-SP4-SAP-Hardened-BYOS-Azure | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | Image SLES15-SP4-SAP-Hardened-BYOS-EC2 | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | Image SLES15-SP4-SAP-Hardened-BYOS-GCE | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | Image SLES15-SP4-SAP-Hardened-GCE | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | SUSE Linux Enterprise Desktop 15 SP7 | ?< 1.9.14-150600.11.6.1 | affected |
?< 1.9.14-150600.11.6.1 | affected | ||
?< 1.9.14-150600.11.6.1 | affected | ||
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP7 | ?< 1.9.14-150600.11.6.1 | affected |
?< 1.9.14-150600.11.6.1 | affected | ||
?< 1.9.14-150600.11.6.1 | affected | ||
| SUSE | SUSE Linux Enterprise Micro 5.3 | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | SUSE Linux Enterprise Micro 5.4 | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | SUSE Linux Enterprise Micro 5.5 | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | SUSE Linux Enterprise Module for Basesystem 15 SP7 | ?< 1.9.14-150600.11.6.1 | affected |
?< 1.9.14-150600.11.6.1 | affected | ||
?< 1.9.14-150600.11.6.1 | affected | ||
| SUSE | SUSE Linux Enterprise Server 15 SP4-LTSS | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | SUSE Linux Enterprise Server 15 SP5-LTSS | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | SUSE Linux Enterprise Server 15 SP6-LTSS | ?< 1.9.14-150600.11.6.1 | affected |
?< 1.9.14-150600.11.6.1 | affected | ||
?< 1.9.14-150600.11.6.1 | affected | ||
| SUSE | SUSE Linux Enterprise Server 15 SP7 | ?< 1.9.14-150600.11.6.1 | affected |
?< 1.9.14-150600.11.6.1 | affected | ||
?< 1.9.14-150600.11.6.1 | affected | ||
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ?< 1.9.14-150600.11.6.1 | affected |
?< 1.9.14-150600.11.6.1 | affected | ||
?< 1.9.14-150600.11.6.1 | affected | ||
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP7 | ?< 1.9.14-150600.11.6.1 | affected |
?< 1.9.14-150600.11.6.1 | affected | ||
?< 1.9.14-150600.11.6.1 | affected | ||
| SUSE | SUSE Manager Proxy LTS 4.3 | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | SUSE Manager Retail Branch Server LTS 4.3 | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
?< 1.9.14-150400.3.11.1 | affected | ||
| SUSE | SUSE Manager Server LTS 4.3 | ?< 1.9.14-150400.3.11.1 | affected |
?< 1.9.14-150400.3.11.1 | affected | ||
?< 1.9.14-150400.3.11.1 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41054
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing exit out of permission check in haveged could lead to root exploit
Source: NVD (National Vulnerability Database)
Vulnerability Description
In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用基本弱点进行的认证绕过
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-41054
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41054
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: SUSE
- CVE-2026-44933
Path Traversal in Plugin Loading in libzypp - CVE-2026-41051
csync2 uses insecure temporary directories when compiled wit - CVE-2026-41050
Helm impersonation bypass of `RESTClientGetter` retains `clu - CVE-2026-25705
Rancher Extensions have arbitrary file access via path trave - CVE-2026-25702
nftables disabled due to incorrect kernel backport
Same weakness: CWE-305
- CVE-2026-6334
OAuth authorization code client binding not enforced during - CVE-2026-2652
Authentication Bypass in mlflow/mlflow - CVE-2026-6266
Aap-controller: aap-gateway: account hijacking and unauthori - CVE-2026-4670
Improper Authentication vulnerability in Progress MOVEit Aut - CVE-2026-33472
Cryptomator Hub OAuth token exchange HTTP downgrade via getA
V. Comments for CVE-2026-41054
No comments yet