CVE-2026-43493 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-43493 | CVSS 9.8 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-43493 is a logic error vulnerability in the Linux kernel's pcrypt parallel cryptography module, specifically in the handling of MAY_BACKLOG asynchronous crypto requests that return EBUSY.

Technical Detail

The flaw exists in the pcrypt subsystem's request handling path, where MAY_BACKLOG requests that return an EBUSY status code are not properly handled, leading to incorrect control flow or resource mismanagement within the kernel crypto layer. An attacker or process with access to the crypto API -- potentially through unprivileged user namespaces or crafted cryptographic operations -- could trigger this condition to cause undefined behavior, which may manifest as a kernel crash (denial of service) or, depending on memory state, could be leveraged for privilege escalation. The precise exploitability beyond denial of service has not been publicly confirmed, but the CVSS score of 9.8 indicates the vulnerability is assessed as having critical impact with no authentication required.

Exploitation Status

No known exploit exists for this vulnerability at this time. It is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploit maturity is assessed as none, meaning no public proof-of-concept or operational exploit has been observed or disclosed as of this briefing date.

Who Is Targeting This

No specific threat actor attribution at this time. Neither confirmed nor reported threat actor activity has been associated with CVE-2026-43493.

What To Do

Apply the upstream Linux kernel patch that resolves the MAY_BACKLOG handling logic in the pcrypt module as soon as it is available in your distribution's stable or security update channel. Prioritize patching on systems where unprivileged users have access to kernel crypto interfaces, particularly those with user namespace support enabled, as this expands the attack surface. If patching cannot be applied immediately, consider disabling the pcrypt module (modprobe -r pcrypt) on systems where parallel crypto offloading is not operationally required. Monitor kernel logs for unexpected crypto subsystem errors or crashes as a potential indicator of exploitation attempts. Given the critical CVSS rating, treat this as a high-priority patch cycle item even in the absence of confirmed active exploitation.
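
Before unloading the module as suggested above, it helps to know whether pcrypt is loaded at all and whether anything has instantiated it. The script below is an added example, not part of the original briefing or the kernel project; the function names and the sample data are constructed for illustration, and it assumes the standard /proc/modules and /proc/crypto layouts.

```shell
#!/bin/sh
# Added example (not from the briefing): triage pcrypt exposure on a host.
# Each function reads /proc by default; pass a file path to run it offline.

# Refcount of the pcrypt module (field 3 of /proc/modules); empty if not loaded.
pcrypt_refcount() {
    awk '$1 == "pcrypt" { print $3 }' "${1:-/proc/modules}"
}

# Driver names of the algorithm instances that /proc/crypto attributes to pcrypt.
pcrypt_instances() {
    awk -F' *: *' '
        $1 == "driver" { drv = $2 }
        $1 == "module" && $2 == "pcrypt" { print drv }
    ' "${1:-/proc/crypto}"
}

# not-loaded | loaded-idle | loaded-in-use
pcrypt_verdict() {
    ref=$(pcrypt_refcount "$1")
    inst=$(pcrypt_instances "$2" | wc -l | tr -d ' ')
    if [ -z "$ref" ]; then echo "not-loaded"
    elif [ "$ref" -eq 0 ] && [ "$inst" -eq 0 ]; then echo "loaded-idle"
    else echo "loaded-in-use"
    fi
}

# Constructed sample data in the two /proc formats, for an offline run.
write_samples() {
    cat > "$1/modules" <<'EOF'
pcrypt 16384 1 - Live 0x0000000000000000
aesni_intel 356352 2 - Live 0x0000000000000000
EOF
    cat > "$1/crypto" <<'EOF'
name         : authenc(hmac(sha1),cbc(aes))
driver       : pcrypt(authenc(hmac(sha1-generic),cbc(aes-generic)))
module       : pcrypt

name         : sha256
driver       : sha256-generic
module       : kernel
EOF
}

d=$(mktemp -d) && write_samples "$d"
echo "sample host: $(pcrypt_verdict "$d/modules" "$d/crypto")"
rm -rf "$d"
```

On a host reporting loaded-in-use, identify what requested the listed instances before removing the module. Note that modprobe -r only unloads the module for the current boot; a modprobe.d entry such as "install pcrypt /bin/false" keeps it from being loaded again until the patched kernel is in place.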
