CVE-2026-53306

In the Linux kernel, the following vulnerability has been resolved:

tty: hvc iucv: fix off-by-one in number of supported devices

MAX HVC IUCV LINES == HVC ALLOC TTY ADAPTERS == 8. This is the number of entries in: static struct hvc iucv private *hvc iucv table[MAX HVC IUCV LINES];

Sometimes hvc iucv table[] is limited by: (a) if (num > hvc iucv devices) // for error detection or (b) for (i = 0; i < hvc iucv devices; i++) // in 2 places (so these 2 don't agree; second one appears to be correct to me.)

hvc iucv devices can be 0..8. This is a counter. (c) if (hvc iucv devices > MAX HVC IUCV LINES)

If hvc iucv devices == 8, (a) allows the code to access hvc iucv table[8]. Oops.