PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43493 Linux CVE debrief

CVE-2026-43493 is a Linux kernel issue in the pcrypt crypto path. According to the published CVE description, MAY_BACKLOG requests can return EBUSY, and the fix updates pcrypt to handle that case and filter out EINPROGRESS notifications. This reads as a request-handling correctness problem in the kernel crypto subsystem rather than a user-facing application bug.

Vendor: Linux
Product: Unknown
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-19
Original CVE updated: 2026-05-20
Advisory published: 2026-05-19
Advisory updated: 2026-05-20

Who should care

Linux kernel maintainers, distro security teams, and operators running systems that rely on the kernel pcrypt crypto subsystem or asynchronous crypto request handling.

Technical summary

The CVE description says pcrypt did not properly handle MAY_BACKLOG requests when they returned EBUSY. The remedy is to explicitly check for EBUSY and suppress EINPROGRESS notifications that should not be treated as successful progress. Based on the source text alone, the issue appears to affect status/notification handling in the kernel crypto request flow and may lead to incorrect completion reporting or failed request processing.

Defensive priority

Moderate. This affects a core Linux kernel crypto path, so kernel updates should be tracked and applied through normal distro maintenance, especially on systems that depend on pcrypt-backed asynchronous crypto operations.

Recommended defensive actions

  • Review whether your kernel branch includes the upstream pcrypt fix referenced by the CVE record.
  • Apply the relevant stable kernel update from your distribution once it contains the correction.
  • If you maintain downstream kernel builds, backport the pcrypt MAY_BACKLOG handling fix into supported branches.
  • Monitor kernel and distro advisories for any follow-on fixes related to the crypto request notification path.
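To scope which hosts actually depend on pcrypt before scheduling the kernel update, the following added example (not part of the CVE record or the kernel project) parses text in /proc/crypto format and lists the algorithm instances backed by the pcrypt module. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: find pcrypt-backed algorithm instances in /proc/crypto text.

# pcrypt_instances FILE
# Prints "name<TAB>driver" for each record whose module is pcrypt or whose
# driver name is wrapped in pcrypt(...). Returns 0 if any were found, 1 if not.
pcrypt_instances() {
    awk -F' *: *' '
        function emit() {
            if (module == "pcrypt" || driver ~ /^pcrypt\(/) {
                printf "%s\t%s\n", name, driver
                found = 1
            }
            name = driver = module = ""
        }
        $1 == "name"   { name = $2 }
        $1 == "driver" { driver = $2 }
        $1 == "module" { module = $2 }
        /^[ \t]*$/     { emit() }       # a blank line ends one record
        END            { emit(); exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample in /proc/crypto layout (not captured from a real host).
sample_proc_crypto() {
    cat <<'EOF'
name         : rfc4106(gcm(aes))
driver       : pcrypt(rfc4106-gcm-aesni)
module       : pcrypt
priority     : 500
type         : aead
async        : yes

name         : sha256
driver       : sha256-generic
module       : kernel
priority     : 100
type         : shash
EOF
}

# Pass "live" as the first argument to inspect the running kernel.
if [ "${1:-}" = "live" ]; then
    pcrypt_instances /proc/crypto || echo "no pcrypt instances registered"
fi
```

An empty result on a live host only means no pcrypt instance is registered at that moment; it does not show that the kernel contains the fix.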

Evidence notes

Evidence is limited to the supplied CVE description and official reference metadata. The CVE text states: 'crypto: pcrypt - Fix handling of MAY_BACKLOG requests' and explains that MAY_BACKLOG requests can return EBUSY, which the fix handles by checking for that value and filtering EINPROGRESS notifications. The NVD record lists official kernel.org stable commit references, supporting that this is an upstream Linux kernel fix. No CVSS score or weakness data was provided in the source corpus.

Official resources

Published by the CVE source on 2026-05-19T12:16:19.020Z. This debrief uses that published date for timing context and does not infer any earlier disclosure time.