
Fedora 43 brings vital patch for privilege elevation issue in Haveged

May 30, 2026
Critical fix for Fedora 43 Haveged to address privilege escalation via command socket. Stay secure and updated!

Summary

A Linux entropy source using the HAVEGE algorithm

Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction (e.g. headless servers).

Haveged uses HAVEGE (HArdware Volatile Entropy Gathering and Expansion) to maintain a 1M pool of random bytes used to fill /dev/random whenever the supply of random bits in /dev/random falls below the low water mark of the device. The principal inputs to haveged are the sizes of the processor instruction and data caches used to set up the HAVEGE collector. The haveged default is a 4kb data cache and a 16kb instruction cache. On machines with a cpuid instruction, haveged will attempt to select appropriate values from internal tables.

Update Information:

- Update to 1.9.22 - fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation
- Backport fix for CVE-2026-41054: privilege escalation via command socket

Change Log

* Thu May 21 2026 Jirka Hladky - 1.9.22-1
- Update to 1.9.22
- Fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation

* Wed May 20 2026 Jirka Hladky - 1.9.21-1
- Update to 1.9.21
- Security fix: CVE-2026-41054 - privilege escalation via command socket
- Fix semaphore error handling (SEM_FAILED vs NULL)
- Fix /dev/shm permissions (use 01777 with sticky bit)

* Fri Jan 16 2026 Fedora Release Engineering - 1.9.18-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2480051 - CVE-2026-41054 haveged: privilege escalation via command socket https://bugzilla.redhat.com/show_bug.cgi?id=2480051

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-5d9b0e2c17' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: haveged
Product: Fedora 43
Version: 1.9.22
Release: 1.fc43
Summary: A Linux entropy source using the HAVEGE algorithm
