A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239. https://nvd.nist.gov/vuln/detail/CVE-2018-15687