In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.