A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or “0x” followed by hexadecimal digits. When the usernames are used by systemd, for example in service units, an unexpected user may be used instead. In some particular configurations, this flaw allows local attackers to elevate their privileges.
Do not use User=
directive in services with numerical usernames composed by decimal digits or starting with "0x" followed by hexadecimal digits (e.g. 0x[0-9A-Fa-f]+).