The vulnerability lies in the vt(4) CONS_HISTORY ioctl handler, where an insufficiently checked request size produces an integer overflow during the calculation of the buffer size. This leads to a heap allocation that is smaller than intended, and when the buffer is initialized, data is written beyond the allocated memory. The result is an out‑of‑bounds write in kernel space, which an unprivileged local user can exploit through access to a vt(4) device, potentially gaining elevated privileges. The weakness is an integer overflow, classified as CWE‑190.

The product affected is FreeBSD. Specific product versions are not listed in the advisory, so the flaw may exist in all releases of FreeBSD that expose the vt(4) interface. No version information is provided in this input, so administrators should check the latest FreeBSD security releases.

The attack vector is local, requiring an authenticated or unauthenticated user on the same system who has access to a vt(4) device. Because the flaw enabled an out‑of‑bounds write in kernel memory, the potential impact is a privilege escalation to root or arbitrary kernel code execution. No EPSS score is available, but the absence of remote access requirements suggests a moderate to high exploitation likelihood in environments where local access is trivial to obtain. The advisory does not list this vulnerability in the CISA KEV catalog, but its local privilege escalation characteristic warrants prompt patching.