Skip to main content

Linux Kernel EUVDEUVD-2026-30884

| CVE-2026-43493 CRITICAL
2026-05-19 Linux GHSA-v9g7-8cgp-9v29
Critical
Disputed · 9.8 Vendor: Linux
Share

Severity by source

Sources disagree (Medium–Critical)
Vendor (Linux) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
CRITICAL
qualitative
Red Hat
7.0 MEDIUM
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 20, 2026 - 17:22 vuln.today
CVSS changed
May 20, 2026 - 17:22 NVD
9.8 (CRITICAL)
Patch available
May 19, 2026 - 12:02 EUVD
CVE Published
May 19, 2026 - 10:44 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

crypto: pcrypt - Fix handling of MAY_BACKLOG requests

MAY_BACKLOG requests can return EBUSY. Handle them by checking for that value and filtering out EINPROGRESS notifications.

AnalysisAI

Improper handling of MAY_BACKLOG requests in the Linux kernel's pcrypt (parallel crypto) module can cause incorrect processing of EBUSY return codes and EINPROGRESS notifications, potentially leading to instability or undefined behavior in cryptographic operations. The issue affects Linux kernel versions dating back to 2.6.34 and has been resolved upstream across multiple stable branches including 6.6.140, 6.12.86, 6.18.27, 7.0.4, and 7.1-rc1. There is no public exploit identified at time of analysis and EPSS scoring (0.02%, 5th percentile) suggests very low real-world exploitation likelihood despite the CVSS 9.8 rating.

Technical ContextAI

The vulnerability resides in the pcrypt (parallel crypto) module of the Linux kernel's crypto subsystem, which parallelizes cryptographic operations across multiple CPUs using the padata framework. The defect specifically involves the handling of requests submitted with the CRYPTO_TFM_REQ_MAY_BACKLOG flag, which permits requests to be queued when the crypto engine is busy rather than rejected outright. Such backlogged requests can legitimately return EBUSY, but the prior code path did not properly distinguish this from error states and failed to filter out asynchronous EINPROGRESS completion notifications, leading to incorrect state tracking in the crypto request lifecycle. Affected products per CPE are Linux kernel distributions identified by cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*. No CWE has been assigned by NVD, though the issue is functionally a state/error-handling defect in a kernel crypto component.

RemediationAI

Vendor-released patches are available in Linux stable kernels 6.6.140, 6.12.86, 6.18.27, 7.0.4, and 7.1-rc1; upgrade to the appropriate fixed version for your maintained branch by consulting the commits at https://git.kernel.org/stable/c/9f1cbca178c03188e201ed175251372149bb25f2, https://git.kernel.org/stable/c/eb34e243df57e32f4c08fa191f3602ea19076276, https://git.kernel.org/stable/c/77d55bc8675ee851ed639dc9be77325a8024cf67, https://git.kernel.org/stable/c/46271895ddfb1ba41f89f7e0dffbe9c2bcf7380a, and https://git.kernel.org/stable/c/915b692e6cb723aac658c25eb82c58fd81235110, and pick up the corresponding distribution kernel package once your vendor (Red Hat, SUSE, Ubuntu, Debian, etc.) ships the backport. If immediate patching is not feasible and you do not require parallelized crypto, unloading or blacklisting the pcrypt module (modprobe -r pcrypt; add 'blacklist pcrypt' under /etc/modprobe.d/) removes the affected code path at the cost of losing parallel AEAD crypto acceleration, which may reduce IPsec or dm-crypt throughput on multi-core systems. Track distribution advisories via https://nvd.nist.gov/vuln/detail/CVE-2026-43493 for backport availability.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-30884 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy