Hello,

A privilege escalation vulnerability was found in haveged, the Linux entropy daemon.

CVE: CVE-2026-41054
Affected versions: All versions with command socket support (1.9.14+)
Fixed in: 1.9.21

Description:
The socket_handler() function in src/havegecmd.c checks the connecting peer's uid via SO_PEERCRED and sends a NAK response to non-root callers. However, after sending the NAK, execution continued into the command switch instead of returning. This allowed unprivileged local users to send commands (MAGIC_CHROOT, MAGIC_CLOSE) to the root-running daemon via the abstract UNIX socket.

Impact:
A local unprivileged user could force the daemon to chroot to an attacker-controlled directory or close the daemon's command socket.

Fix:
- Add goto out after the NAK response to properly reject non-root connections
- Move the credential check before command parsing as defense in depth

Links:
- Release: https://github.com/jirka-h/haveged/releases/tag/v1.9.21
- Fix commit: https://github.com/jirka-h/haveged/commit/3870de0
- Hardening commit: https://github.com/jirka-h/haveged/commit/bcd7e52
- Bug report: https://bugzilla.suse.com/show_bug.cgi?id=1264086

Credit: Reported by Dirk Müller (SUSE).

Thank you,
Jirka Hladky
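Added illustration (not haveged's code): a constructed C model of the control-flow defect described above, with the fall-through shape beside the fixed shape that exits right after the NAK. The peer_cred struct, the command codes and the action constants are assumptions standing in for struct ucred from SO_PEERCRED and the real MAGIC_* values.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-ins (assumptions, not haveged's real values): the
 * peer credential field SO_PEERCRED fills in, and the command codes. */
struct peer_cred { uid_t uid; };
enum { CMD_CHROOT = 'c', CMD_CLOSE = 'x' };
enum { ACT_NONE = 0, ACT_CHROOT = 1, ACT_CLOSE = 2 };

/* Vulnerable shape: the NAK is written to the reply buffer, but control
 * falls through into the command switch, so the action is still taken. */
int handle_vulnerable(const struct peer_cred *peer, char cmd,
                      char *reply, size_t n)
{
    int action = ACT_NONE;
    if (peer->uid != 0)
        snprintf(reply, n, "NAK");   /* BUG: no goto out after the NAK */
    switch (cmd) {
    case CMD_CHROOT: action = ACT_CHROOT; break;
    case CMD_CLOSE:  action = ACT_CLOSE;  break;
    default:         snprintf(reply, n, "NAK"); goto out;
    }
    snprintf(reply, n, "ACK");
out:
    return action;
}

/* Fixed shape: the credential check runs before any command parsing and
 * jumps straight to the exit after the NAK, so no action is ever taken
 * on behalf of a non-root peer. */
int handle_fixed(const struct peer_cred *peer, char cmd,
                 char *reply, size_t n)
{
    int action = ACT_NONE;
    if (peer->uid != 0) {
        snprintf(reply, n, "NAK");
        goto out;                    /* reject and leave immediately */
    }
    switch (cmd) {
    case CMD_CHROOT: action = ACT_CHROOT; break;
    case CMD_CLOSE:  action = ACT_CLOSE;  break;
    default:         snprintf(reply, n, "NAK"); goto out;
    }
    snprintf(reply, n, "ACK");
out:
    return action;
}
```

A unit test that feeds a non-root peer to both handlers and asserts the action is ACT_NONE only in the fixed version is the regression check to keep alongside such a fix.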
