In src/havegecmd.c, the socket_handler function performs a credential check on the abstract UNIX socket (\0/sys/entropy/haveged). However, while it detects if the connecting user is not root (cred.uid != 0) and prepares a negative acknowledgement (ASCII_NAK), it fails to stop execution. The code proceeds to the switch statement, allowing any local unprivileged user to execute privileged commands such as MAGIC_CHROOT.
1.7b-21.7c-11.9.1-11.9.1-31.9.1-61.9.1-6ubuntu11.9.14-1ubuntu11.9.14-1ubuntu11.9.14-1ubuntu21.9.19-11ubuntu11.9.19-121.9.19-121.9.19-131.9.19-14Exploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:HI:HA:HCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H