CVE-2022-27815
Description
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In swhkd 1.1.5, the `/tmp/swhkd.pid` file is used unsafely, allowing local users to leak information or cause denial of service.
Vulnerability
In swhkd version 1.1.5, the daemon unsafely uses the world-writable path /tmp/swhkd.pid to store its PID. This predictable file location allows any local user to manipulate the file, leading to potential information disclosure or denial of service [1][2][4].
Exploitation
An attacker with local access can read or overwrite the /tmp/swhkd.pid file. By reading the file, the attacker can learn the PID of the swhkd daemon. By overwriting the file with arbitrary data, the attacker can cause the daemon to malfunction or crash, resulting in denial of service [1].
Impact
Successful exploitation can result in information leak (disclosure of the daemon's PID) or denial of service (crashing or disrupting the swhkd service). No privilege escalation is achieved; the attacker remains at their local user privilege level [1][2].
Mitigation
swhkd version 1.2.0 fixes CVE-2022-27815 by addressing the unsafe PID file handling. Users should upgrade to swhkd 1.2.0 or later [4].
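As an added illustration (not swhkd's code and not part of the advisory), the Rust example below shows the defensive pattern behind this kind of fix: keep the PID file in a directory only the daemon's user can write, create it exclusively, and treat whatever is read back as untrusted input. The function names and the `owner` parameter are hypothetical.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{MetadataExt, OpenOptionsExt, PermissionsExt};
use std::path::Path;

fn err(kind: io::ErrorKind, msg: &str) -> io::Error { io::Error::new(kind, msg.to_string()) }

/// Reject a runtime directory other users could write into (`owner` is the expected uid).
pub fn check_runtime_dir(dir: &Path, owner: u32) -> io::Result<()> {
    let meta = fs::symlink_metadata(dir)?; // lstat: a symlinked directory is refused
    if !meta.file_type().is_dir() {
        return Err(err(io::ErrorKind::InvalidInput, "not a real directory"));
    }
    if meta.uid() != owner || meta.mode() & 0o022 != 0 {
        return Err(err(io::ErrorKind::PermissionDenied, "unsafe owner or mode"));
    }
    Ok(())
}

/// Create the PID file atomically. create_new maps to O_CREAT|O_EXCL, which
/// fails if the name already exists, including when it is a symlink.
pub fn write_pidfile(dir: &Path, name: &str, pid: u32, owner: u32) -> io::Result<()> {
    check_runtime_dir(dir, owner)?;
    let mut f = OpenOptions::new().write(true).create_new(true).mode(0o600).open(dir.join(name))?;
    writeln!(f, "{}", pid)
}

/// Read a PID back, treating the file and its content as untrusted input.
pub fn read_pidfile(dir: &Path, name: &str, owner: u32) -> io::Result<u32> {
    check_runtime_dir(dir, owner)?;
    let path = dir.join(name);
    let meta = fs::symlink_metadata(&path)?;
    if !meta.file_type().is_file() || meta.uid() != owner {
        return Err(err(io::ErrorKind::InvalidData, "not a regular file owned by the daemon"));
    }
    let text = fs::read_to_string(&path)?;
    text.trim().parse::<u32>().map_err(|_| err(io::ErrorKind::InvalidData, "content is not a PID"))
}

fn main() -> io::Result<()> {
    // Constructed demo directory standing in for the daemon's runtime dir.
    let dir = std::env::temp_dir().join(format!("pidfile_demo_{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    fs::set_permissions(&dir, fs::Permissions::from_mode(0o700))?;
    let owner = fs::metadata(&dir)?.uid();
    write_pidfile(&dir, "demo.pid", std::process::id(), owner)?;
    println!("recorded pid {}", read_pidfile(&dir, "demo.pid", owner)?);
    fs::remove_dir_all(&dir)
}
```

The directory check is what makes the later metadata check and read safe: once no other user can write into the directory, the file cannot be swapped between the two calls.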
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Simple-Wayland-HotKey-Daemon (crates.io) | < 1.2.0 | 1.2.0 |
Affected products
- SWHKD/SWHKD (description)
Patches
2 files changed · +6 −2
Makefile+3 −0 modified@@ -21,6 +21,9 @@ install: @mkdir -p $(TARGET_DIR) @mkdir -p $(POLKIT_DIR) @mkdir -p /etc/$(DAEMON_BINARY) + @mkdir -p /etc/$(DAEMON_BINARY)/runtime + @sudo chown root:root /etc/$(DAEMON_BINARY)/runtime + @sudo chmod 700 /etc/$(DAEMON_BINARY)/runtime @touch /etc/$(DAEMON_BINARY)/$(DAEMON_BINARY)rc @cp ./bin/$(DAEMON_BINARY) $(TARGET_DIR) @cp ./bin/$(SERVER_BINARY) $(TARGET_DIR)
src/daemon.rs+3 −2 modified@@ -39,6 +39,7 @@ impl KeyboardState { #[tokio::main] async fn main() -> Result<(), Box<dyn std::error::Error>> { let args = set_command_line_args().get_matches(); + let invoking_uid = env::var("PKEXEC_UID").unwrap().parse::<u32>().unwrap(); env::set_var("RUST_LOG", "swhkd=warn"); if args.is_present("debug") { @@ -48,7 +49,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> { env_logger::init(); log::trace!("Logger initialized."); - let pidfile: String = String::from("/tmp/swhkd.pid"); + let pidfile: String = String::from(format!("/etc/swhkd/runtime/swhkd_{}.pid", invoking_uid)); if Path::new(&pidfile).exists() { log::trace!("Reading {} file and checking for running instances.", pidfile); let swhkd_pid = match fs::read_to_string(&pidfile) { @@ -85,7 +86,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> { } let load_config = || { - seteuid(env::var("PKEXEC_UID").unwrap().parse::<u32>().unwrap()); // Dropping privileges to invoking user. + seteuid(invoking_uid); // Dropping privileges to invoking user. let config_file_path: std::path::PathBuf = if args.is_present("config") { Path::new(args.value_of("config").unwrap()).to_path_buf() } else {
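Review bot: In the Makefile install hunk, the new `mkdir -p /etc/$(DAEMON_BINARY)/runtime` runs without sudo while the chown and chmod that follow use it, and the directory exists with default permissions until the chmod runs. Creating it in one step, for example `install -d -m 700 -o root -g root /etc/$(DAEMON_BINARY)/runtime`, closes that gap and keeps the privilege handling consistent. A comment on why PID files are placed under /etc would also help future maintainers.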
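Review bot: The new `invoking_uid` line at the top of main() unwraps both `env::var("PKEXEC_UID")` and the `parse::<u32>()`, so the daemon panics before `env_logger::init()` whenever PKEXEC_UID is unset or not numeric. Handle both errors explicitly and exit with a message that names PKEXEC_UID, so a launch outside pkexec fails with a readable error.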
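Review bot: The new pidfile path hardcodes `/etc/swhkd/runtime` while the Makefile derives the same directory from `$(DAEMON_BINARY)`, so the two can drift apart if the binary name changes. The daemon also relies entirely on the install step for the directory's owner and mode; a startup check that the directory is owned by root with mode 700 before the `Path::new(&pidfile).exists()` test would make that assumption explicit. As a style point, `String::from(format!(...))` is redundant because `format!` already returns a String.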
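Review bot: In the load_config closure, `seteuid(invoking_uid);` discards the call's result, so a failed privilege drop would go unnoticed and the config file would be read with the daemon's elevated privileges. Check the result and abort if the drop fails.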
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-p4jg-pccf-h82c (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-27815 (ghsa, ADVISORY)
- www.openwall.com/lists/oss-security/2022/04/14/1 (ghsa, mailing-list, x_refsource_MLIST, WEB)
- github.com/waycrate/swhkd/commit/e661a4940df78fbb7b52c622ac4ae6a3a7f7d8aa (ghsa, x_refsource_MISC, WEB)
- github.com/waycrate/swhkd/releases/tag/1.2.0 (ghsa, WEB)