PatchSiren cyber security CVE debrief

CVE-2016-10156 Systemd Project CVE debrief

CVE-2016-10156 is a local privilege-escalation flaw in systemd 228 affecting the timers feature. According to NVD, an attacker with local access and limited privileges could trigger creation of world-writable SUID files, which may allow escalation to root. The issue was fixed in systemd 229 and is rated High severity (CVSS 7.8).

Vendor: Systemd Project
Product: CVE-2016-10156
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-23
Original CVE updated: 2026-05-13
Advisory published: 2017-01-23
Advisory updated: 2026-05-13

Who should care

Linux administrators, distro maintainers, and security teams responsible for systems running systemd 228 or vendor backports of that branch—especially hosts that use systemd timers.

Technical summary

NVD lists systemd_project systemd 228 as vulnerable and assigns CVSS 3.0 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The flaw is described as residing in /src/basic/fs-util.c and affecting timer-related file handling, where incorrect permissions could lead to world-writable SUID files. NVD references GitHub patch commits and a SUSE issue tracker entry, indicating a code-level fix and vendor coordination. The supplied corpus does not include a full patch analysis, so defensive guidance should focus on version verification and patch deployment rather than behavioral assumptions beyond the cited metadata.

Defensive priority

High. This is a local privilege-escalation path to root on affected systems, which makes it especially important on multi-user Linux hosts and servers running systemd timers.

Recommended defensive actions

Verify installed systemd versions and package backports; treat version 228 as vulnerable per the supplied NVD record.
Upgrade to systemd 229 or a vendor-maintained package that includes the fix.
Review timer-related units and any filesystem artifacts for unexpected world-writable or SUID permissions.
Monitor for unauthorized creation or permission changes on privileged files and for unusual activity by low-privilege local users.
Use vendor advisories and the cited patch commits as references when validating remediation in your distribution.

Evidence notes

The supplied NVD record identifies CVE-2016-10156 as affecting systemd 228 with CVSS 3.0 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and lists the fix as systemd 229. NVD metadata also includes a SUSE bug tracker entry and two GitHub commits marked as patches, supporting that the issue was addressed in code. A public Exploit-DB reference is present in the corpus, but this debrief does not rely on it for operational details.

Official resources

CVE-2016-10156 CVE record
CVE.org
CVE-2016-10156 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Source reference
[email protected]
Source reference
[email protected] - Issue Tracking
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch, Third Party Advisory
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch, Third Party Advisory
Source reference
[email protected]

Publicly disclosed in the supplied record on 2017-01-23. NVD metadata was last modified on 2026-05-13. No Known Exploited Vulnerabilities (KEV) listing is present in the supplied corpus.