Regression in signal handler.
This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd’s privileged code, which is not sandboxed and runs with full privileges.
Because this is a regression and this particular issue was introduced in 8.5p1. So it only affects versions newer than that, up until when it was fixed in 9.8p1.