The actual flaw lies in the scripts that set up Linux Unified Key Setup or encryption of the system partition.
Hence this is only exploitable if one has encrypted the system partition while installing Linux. This option is available to Debian and Ubuntu users.
One needs physical access to a machine to exploit this; however, it can be exploited remotely in the case of a cloud environment.
Each time the system tries to mount the partition the user gets more password tries. But finally when the maximum for this is reached, the user is dropped to a root shell. One can thus just hold down the enter key and after a while this shell will appear.
Data is not at risk of theft as the disk has been encrypted. But since the boot partition is typically unencrypted, it can be used to store an executable file with the SetUID option. A local user can then use this later to elevate privileges.
Further, any other disks on the system can be accessed. The encrypted partition can be copied over as well and a brute-force attack can be carried out to access the contents.