The Linux kernel contains a bug where the overlay filesystem implementation mistakenly keeps a non‑zero error code after a successful cache lookup. The function ovl_iterate_merged stores the result of PTR_ERR(cache) in an error variable before verifying the pointer is actually an error, so a successful call can return a bogus non‑zero error to the caller. Based on the description, it is inferred that this can cause processes performing directory reads over overlay mounts to incorrectly interpret normal operation as a failure, potentially leading to application crashes or denial of service. The description does not explicitly state a confidentiality or integrity breach; it is inferred that the vulnerability does not directly compromise those aspects.

Linux kernel installations that include the overlayfs module and are running a version prior to the applied fix are affected. The specific vendor is the Linux kernel project, but no version range is listed in the data, so all kernels that still contain the unpatched code are considered vulnerable.

Based on the description, the likely attack vector is local: an attacker would need to interact with a system that mounts overlay filesystems and performs directory reads. The bug does not provide remote code execution or privilege escalation, so the attack surface is confined to the user with sufficient privileges to mount and access overlays. The absence of an EPSS score and the lack of KEV listing indicate a low probability of widespread exploitation. If an attacker could control overlay mounts or execute many readdir calls, they might induce repeated failures; however, orchestrating such an attack would require additional user privileges beyond ordinary read access.