The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."
Exploitability
AV:LAC:MAu:NImpact
C:NI:PA:P3.3/AV:L/AC:M/Au:N/C:N/I:P/A:P