NVD Vulnerability Detail
Search Exploit, PoC
CVE-2026-53174
Summary

In the Linux kernel, the following vulnerability has been resolved:

ovl: keep err zero after successful ovl_cache_get()

ovl_iterate_merged() stores PTR_ERR(cache) in err before checking
IS_ERR(cache). On success err holds the truncated cache pointer and
can be returned as a bogus non-zero error.

The syzbot reproducer reaches this through overlay-on-overlay readdir:

getdents64
iterate_dir(outer overlay file)
ovl_iterate_merged()
ovl_cache_get()
ovl_dir_read_merged()
ovl_dir_read()
iterate_dir(inner overlay file)
ovl_iterate_merged()

Only compute PTR_ERR(cache) on the error path.

Publication Date June 25, 2026, 6:16 p.m.
Registration Date June 27, 2026, 4:26 a.m.
Last Update June 25, 2026, 6:16 p.m.
Related information, measures and tools
Common Vulnerabilities List