Impact
The Linux kernel contained an off‑by‑one error in the tty hvc_iucv subsystem. The number of supported devices could be set to 8, while the array that stores device pointers only has 8 entries, indexed 0–7. When the code uses the device count as an index, it can read or write past the end of the array. This out‑of‑bounds access can corrupt kernel memory, potentially granting an attacker arbitrary code execution or causing a system crash. The flaw is a classic buffer overrun scenario and, if exploitable, would allow local privilege escalation to root or, if reachable through a service that interacts with hvc_iucv devices, could be leveraged remotely.
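The bounds check described above, modelled as an added example. This is not the kernel's hvc_iucv code; every name here (TABLE_SLOTS, index_ok_weak, index_ok_fixed, first_oob_index, lookup) is hypothetical. It contrasts a comparison that accepts an index equal to the device count with one that rejects it, and never performs the out-of-bounds access itself.

```c
#include <stdio.h>
#include <stddef.h>

#define TABLE_SLOTS 8   /* per the advisory: 8 entries, indexed 0-7 */

typedef int (*bound_check_fn)(unsigned int idx, unsigned int count);

static int devices[TABLE_SLOTS];   /* constructed stand-ins for device objects */
static int *table[TABLE_SLOTS];    /* pointer table, as in the description */

/* Off-by-one form: idx == count passes, so count = 8 admits index 8. */
static int index_ok_weak(unsigned int idx, unsigned int count)
{
    return !(idx > count);
}

/* Corrected form: the index must be below the count and inside the table. */
static int index_ok_fixed(unsigned int idx, unsigned int count)
{
    return idx < count && idx < TABLE_SLOTS;
}

/* First index a check accepts that lies past the table end, or -1 if none. */
static int first_oob_index(bound_check_fn ok, unsigned int count)
{
    for (unsigned int idx = 0; idx <= count + 1; idx++)
        if (ok(idx, count) && idx >= TABLE_SLOTS)
            return (int)idx;
    return -1;
}

/* Guarded lookup: returns NULL instead of touching memory past the table. */
static int *lookup(unsigned int idx, unsigned int count)
{
    if (!table[0])   /* lazy init of the constructed table */
        for (unsigned int i = 0; i < TABLE_SLOTS; i++)
            table[i] = &devices[i];
    return index_ok_fixed(idx, count) ? table[idx] : NULL;
}

int main(void)
{
    printf("weak check,  count=8: first OOB index = %d\n", first_oob_index(index_ok_weak, 8));
    printf("weak check,  count=7: first OOB index = %d\n", first_oob_index(index_ok_weak, 7));
    printf("fixed check, count=8: first OOB index = %d\n", first_oob_index(index_ok_fixed, 8));
    printf("lookup(8, 8) -> %s\n", lookup(8, 8) ? "pointer" : "NULL");
    return 0;
}
```

With the count below the maximum the weak comparison still stays inside the table, which is why the defect only shows once the count is set to 8.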
Affected Systems
All Linux kernel implementations that contain the unpatched hvc_iucv driver configuration are affected. The issue exists in any release that compiled the hvc_iucv module without the patch. No specific version numbers are supplied, but the bug was addressed in the kernel commits referenced in the advisory and is present in the default kernels shipped with most distributions until the patch is applied.
Risk and Exploitability
No CVSS score is provided, but the flaw's nature as an out‑of‑bounds kernel write indicates high severity. No EPSS score is available, and the flaw is not listed in the CISA KEV catalog. The likely attack vector is local kernel exploitation, requiring the attacker to execute code with kernel privileges or to transition from a user process that can interact with hvc_iucv devices. There is no publicly known exploit at this time, but the potential for arbitrary memory corruption makes it a high‑risk issue that should be mitigated as soon as possible.
OpenCVE Enrichment