PatchSiren cyber security CVE debrief

CVE-2026-43492 Linux CVE debrief

CVE-2026-43492 is a Linux kernel denial-of-service issue in the lib/crypto MPI code path. An integer underflow in mpi_read_raw_from_sgl() can occur when the function subtracts a count of leading zero bytes from an unsigned length value. Under the conditions described in the CVE record, the kernel can spin indefinitely and trigger soft lockup splats. The issue is fixed in kernel updates referenced by the official NVD and kernel.org links.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-19
Original CVE updated: 2026-05-19
Advisory published: 2026-05-19
Advisory updated: 2026-05-19

Who should care

Linux kernel maintainers, distribution security teams, and operators running systems that expose or rely on kernel asymmetric crypto and key management interfaces should prioritize this issue. Based on the supplied description, systems from which the KEYCTL_PKEY_ENCRYPT path can be reached are the most relevant.

Technical summary

The vulnerable function mpi_read_raw_from_sgl() in lib/crypto can count more leading zero bytes than the supplied nbytes value when the scatterlist contains more bytes than expected and the first nbytes + 1 bytes are zero. Because nbytes is unsigned, subtracting the oversized zero count produces an integer underflow. The CVE description says the condition became triggerable after a later change in the asymmetric key/crypto path, and that invoking KEYCTL_PKEY_ENCRYPT with out_len larger than in_len and an all-zero input can lead to the affected code path. The observed impact is a denial of service: the kernel spins forever and may emit soft lockup warnings.
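The arithmetic described above, modelled as an added C illustration that is not the kernel's code: a leading-zero count taken across a buffer longer than the claimed nbytes is subtracted from an unsigned nbytes and wraps, beside a bounded variant that rejects over-long claims and cannot wrap. The buffers, function names and the nbytes = 4 / buffer length 6 shape are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed sample inputs (not from the CVE record). The caller claims
 * nbytes of data but may hand over a longer buffer, as with a scatterlist. */
static const uint8_t kAllZero[6] = {0, 0, 0, 0, 0, 0};
static const uint8_t kMixed[6]   = {0, 0, 1, 2, 3, 4};

/* Defective pattern: leading zeros are counted across the whole buffer, so
 * the count can exceed nbytes and the unsigned subtraction wraps to a huge
 * value. A loop driven by that value would run far past the real data. */
unsigned int payload_len_unbounded(const uint8_t *buf, size_t buf_len,
                                   unsigned int nbytes)
{
    unsigned int lzeros = 0;
    while (lzeros < buf_len && buf[lzeros] == 0)
        lzeros++;
    return nbytes - lzeros; /* underflows when lzeros > nbytes */
}

/* Hardened pattern: reject a claimed length the buffer cannot back, and
 * never count zeros past nbytes, so the subtraction cannot wrap.
 * Returns the non-zero payload length, or -1 if the input is rejected. */
long payload_len_bounded(const uint8_t *buf, size_t buf_len,
                         unsigned int nbytes)
{
    if (nbytes > buf_len)
        return -1;
    unsigned int lzeros = 0;
    while (lzeros < nbytes && buf[lzeros] == 0)
        lzeros++;
    return (long)(nbytes - lzeros); /* lzeros <= nbytes here */
}

/* A result larger than the claimed length is the signature of the wrap. */
bool underflow_observed(const uint8_t *buf, size_t buf_len, unsigned int nbytes)
{
    return payload_len_unbounded(buf, buf_len, nbytes) > nbytes;
}

int main(void)
{
    /* nbytes = 4, buffer of 6 bytes, first nbytes + 1 bytes zero: the shape
     * the CVE text describes. */
    printf("unbounded: %u\n", payload_len_unbounded(kAllZero, 6, 4));
    printf("bounded:   %ld\n", payload_len_bounded(kAllZero, 6, 4));
    return 0;
}
```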

Defensive priority

High for systems that can invoke the affected kernel crypto/keyctl path, because the impact is a persistent kernel denial of service rather than a memory disclosure or privilege escalation. Even without confirmed widespread exposure, kernel hangs can have immediate operational impact.

Recommended defensive actions

  • Apply the kernel fix referenced by the official kernel.org stable commit links and your vendor's backport, if available.
  • Prioritize updates on systems using Linux kernel asymmetric crypto or key management features, especially where user space may invoke KEYCTL_PKEY_ENCRYPT.
  • Review distribution advisories or kernel changelogs that map to the referenced fix commits before scheduling maintenance.
  • Monitor affected fleets for soft lockup warnings or unexplained kernel hangs until patched.
  • If you maintain a downstream kernel, validate that the fix is present in your branch rather than assuming the upstream commit hash alone is sufficient.

Evidence notes

All substantive claims here are drawn from the CVE description supplied in the source corpus and the official reference URLs attached to the record. The publishedAt and modifiedAt timestamps are both 2026-05-19T12:16:18.880Z, which is used here only as disclosure timing context. No CVSS score or formal severity was provided in the supplied record. The source corpus does not include affected version ranges, so none are stated here.

Official resources

CVE published and last modified on 2026-05-19T12:16:18.880Z. The CVE record cites Linux kernel code behavior and official kernel.org references for the fix; no separate embargo or KEV metadata was provided in the supplied corpus.