Byte Open Security

(ByteOS Network)
Image SLES15-SP4-SAP-BYOS

Source - CNA
CNA CVEs - 1
ADP CVEs - 0
CISA CVEs - 0
NVD CVEs - 0
1 vulnerability found

CVE-2026-41054
Assigner-SUSE
CVSS Score-7.8 (HIGH)
EPSS-0.00% / 0.21%
7 Day CHG~0.00%
Published-20 May, 2026 | 08:56
Updated-05 Jun, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing exit out of permission check in haveged could lead to root exploit

In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.

Action-Not Available
Vendor-SUSE
Product-
SUSE Linux Enterprise Server for SAP Applications 15 SP7
Image SLES15-SP4-SAP-BYOS-Azure
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Manager Proxy LTS 4.3
Image SLES15-SP4-SAP-BYOS-EC2
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
Image SLES15-SP4-SAP-Hardened-BYOS
Image SLES15-SP4-SAP-BYOS
SUSE Linux Enterprise Server for SAP Applications 15 SP6
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
Image SLES15-SP4-SAP-Hardened-GCE
SUSE Linux Enterprise Server 15 SP7
Container suse/sle-micro-rancher/5.3:latest
SUSE Linux Enterprise Micro 5.4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Server 15 SP6-LTSS
Image SLES15-SP4-SAP-BYOS-GCE
Image SLES15-SP4-SAP-Hardened
SUSE Manager Retail Branch Server LTS 4.3
SUSE Linux Enterprise High Performance Computing 15 SP7
SUSE Linux Enterprise Micro 5.5
SUSE Linux Enterprise Server 15 SP5-LTSS
SUSE Manager Server LTS 4.3
SUSE Linux Enterprise Desktop 15 SP7
Container suse/sle-micro-rancher/5.4:latest
SUSE Linux Enterprise Module for Basesystem 15 SP7
Container suse/sle-micro/5.5:latest
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
CWE ID-CWE-305
Authentication Bypass by Primary Weakness