/etc/sysconfig/apm-scripts/apmscript contains the line | touch /tmp/LOW_POWER An attacker can create a link to files which will be created/touched at low battery power. Typical case is a link to /etc/nologin which will disable remote logins. apmd should use a secure place (e.g. /var/run/apmd/) for such files.
Happens in official RH7.2 also; changing "Product" field
Fixed in 3.0.2-6