CVE-2026-53174

Source
https://cve.org/CVERecord?id=CVE-2026-53174
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53174.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-53174
Downstream
Published
2026-06-25T08:38:51.366Z
Modified
2026-07-02T03:51:47.134964594Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
ovl: keep err zero after successful ovl_cache_get()
Details

In the Linux kernel, the following vulnerability has been resolved:

ovl: keep err zero after successful ovl_cache_get()

ovl_iterate_merged() stores PTR_ERR(cache) in err before checking IS_ERR(cache). On success err holds the truncated cache pointer and can be returned as a bogus non-zero error.

The syzbot reproducer reaches this through overlay-on-overlay readdir:

  getdents64
    iterate_dir(outer overlay file)
      ovl_iterate_merged()
        ovl_cache_get()
          ovl_dir_read_merged()
            ovl_dir_read()
              iterate_dir(inner overlay file)
                ovl_iterate_merged()

Only compute PTR_ERR(cache) on the error path.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53174.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d25e4b739f8378419f990983f2542160e79738c5
Fixed
e7051909a01bfb883bfa78b27514854068ac4b85
Fixed
1711b6ed6953cee5940ca4c3a6e77f1b3798cee2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53174.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53174.json"