What is GHSA-c5g3-m8p9-m3gh?

GHSA-c5g3-m8p9-m3gh is a security advisory published by GitHub Security Advisories with High severity. In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract...

Which CVE IDs does GHSA-c5g3-m8p9-m3gh cover?

GHSA-c5g3-m8p9-m3gh covers the following CVE IDs: CVE-2026-41054. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-c5g3-m8p9-m3gh?

GHSA-c5g3-m8p9-m3gh has a CVSS v3 base score of 7.8, published by GitHub Security Advisories.

GHSA-c5g3-m8p9-m3ghHighCVSS 7.8

In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract...

Vendor

GitHub Security Advisories

Published

May 20, 2026

Last Modified

May 22, 2026

🔗 CVE IDs covered (1)

CVE-2026-41054 →

📋 Description

In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.

🔗 References (9)

https://nvd.nist.gov/vuln/detail/CVE-2026-41054
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41054
http://www.openwall.com/lists/oss-security/2026/05/19/3
http://www.openwall.com/lists/oss-security/2026/05/19/4
http://www.openwall.com/lists/oss-security/2026/05/19/5
http://www.openwall.com/lists/oss-security/2026/05/20/1
http://www.openwall.com/lists/oss-security/2026/05/21/17
http://www.openwall.com/lists/oss-security/2026/05/22/1
https://github.com/advisories/GHSA-c5g3-m8p9-m3gh