CVE-2016-10156
7.8
HIGH
CVSS 3.1
EPSS 0.71%
Description
A flaw in systemd v228 in /src/basic/fs-util.c caused world-writable suid files to be created when using the systemd timers feature, allowing local attackers to escalate their privileges to root. This is fixed in v229.
How to fix CVE-2016-10156
To remediate CVE-2016-10156, upgrade the affected package to the fixed version listed below.
- Debian/systemd: upgrade to 229-1 or later
Is CVE-2016-10156 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 229-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |