Alerts This Week
Warning Icon 1 1,082
Alerts This Week
Warning Icon 1 1,082

Fedora 44 haveged Critical Privilege Escalation CVE-2026-41054 Fix

fedora
Calendar Grey June 7, 2026
Dist Fedora Esm H88
Update for Fedora 44 addresses CVE-2026-41054 in haveged with critical severity due to privilege escalation risk.
Update to 1.9.22 — fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation Backport fix for CVE-2026-41054: privilege escalation via command socket

Summary

A Linux entropy source using the HAVEGE algorithm

Haveged is a user space entropy daemon which is not dependent upon the

standard mechanisms for harvesting randomness for the system entropy

pool. This is important in systems with high entropy needs or limited

user interaction (e.g. headless servers).

Haveged uses HAVEGE (HArdware Volatile Entropy Gathering and Expansion)

to maintain a 1M pool of random bytes used to fill /dev/random

whenever the supply of random bits in /dev/random falls below the low

water mark of the device. The principle inputs to haveged are the

sizes of the processor instruction and data caches used to setup the

HAVEGE collector. The haveged default is a 4kb data cache and a 16kb

instruction cache. On machines with a cpuid instruction, haveged will

attempt to select appropriate values from internal tables.

Update Information:

Update to 1.9.22 — fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation Backport fix for CVE-2026-41054: privilege escalation via command socket

Topics%20covered

Topics Covered

security advisory fedora critical privilege escalation systemd haveged

Change Log

* Thu May 21 2026 Jirka Hladky - 1.9.22-1 - Update to 1.9.22 - Fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation

References


[ 1 ] Bug #2480051 - CVE-2026-41054 haveged: privilege escalation via command socket https://bugzilla.redhat.com/show_bug.cgi?id=2480051

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-02b08daa05' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: haveged
Product: Fedora 44
Version: 1.9.22
Release: 1.fc44
URL: https://github.com/jirka-h/haveged
Summary: A Linux entropy source using the HAVEGE algorithm

Topics%20covered

Topics Covered

security advisory fedora critical privilege escalation systemd haveged

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here