VYPR
High severity · NVD Advisory · Published Mar 30, 2022 · Updated Aug 3, 2024

CVE-2022-27816


Description

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

swhkd 1.1.5 unsafely uses a hardcoded PID file path in /tmp, enabling a local attacker to cause data loss or denial of service.

Vulnerability

SWHKD 1.1.5 unsafely uses the hardcoded path /tmp/swhks.pid for its PID file. The /tmp directory is world-writable, and the daemon does not employ any file locking or ownership checks. The vulnerable code path is reachable by default when swhks (the unprivileged server component) starts; no special configuration is required. The affected versions are swhkd 1.1.5 and earlier [1][2].

Exploitation

An attacker with local access to the system can exploit this by creating a symbolic link from /tmp/swhks.pid to any other file on the system that the swhks process can write to, or by placing a regular file there. When swhks is started (typically by the user's session), it will write to that path, overwriting the target file (data loss) or causing the daemon to fail (denial of service). No authentication beyond local user account access is required [1].

Impact

A successful attack leads to data loss (arbitrary file overwrite) or a denial of service by preventing the PID file from being written correctly, which can prevent swhks from starting or operating properly. The compromise is limited to file write capability available to the unprivileged swhks process; privilege escalation is not directly achieved [1].

Mitigation

The vulnerability is fixed in swhkd version 1.2.0, released on 2022-04-14 [4]. Users should upgrade to version 1.2.0 or later. As a workaround, system administrators can manually create a secure directory for the PID file or use filesystem permissions to restrict access, but the recommended mitigation is to install the patched release [1][4].
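
Both the workaround and the fix keep the PID file out of a directory that other users can write to. The Rust sketch below is an added example, not swhkd's code: `create_pid_file` and its directory check are hypothetical, and the demo in `main` uses a constructed scratch directory in place of /run/user/<uid>. It also refuses to write through anything already present at the PID path.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{symlink, MetadataExt, OpenOptionsExt, PermissionsExt};
use std::path::{Path, PathBuf};

/// Hypothetical helper, not swhkd code: create `<dir>/<name>` containing `pid`.
pub fn create_pid_file(dir: &Path, name: &str, pid: u32) -> io::Result<PathBuf> {
    // Reject a symlinked directory or one that group/other can write to,
    // which is what made /tmp unsuitable for a fixed file name.
    let meta = fs::symlink_metadata(dir)?;
    if !meta.is_dir() || meta.mode() & 0o022 != 0 {
        return Err(io::Error::new(
            io::ErrorKind::PermissionDenied,
            "PID directory must be a real directory, not writable by group/other",
        ));
    }
    let path = dir.join(name);
    // create_new is O_CREAT|O_EXCL: the open fails with EEXIST if anything is
    // already at the path, including a symlink, so no existing file is truncated.
    let mut file = OpenOptions::new()
        .write(true)
        .create_new(true)
        .mode(0o600)
        .open(&path)?;
    writeln!(file, "{}", pid)?;
    Ok(path)
}

fn main() -> io::Result<()> {
    // Constructed demo: a private scratch directory stands in for /run/user/<uid>.
    let dir = std::env::temp_dir().join(format!("pidfile-demo-{}", std::process::id()));
    fs::create_dir(&dir)?;
    fs::set_permissions(&dir, fs::Permissions::from_mode(0o700))?;
    let victim = dir.join("victim.txt");
    fs::write(&victim, "important data")?;

    // A symlink pre-planted at the PID path is refused and the target is untouched.
    symlink(&victim, dir.join("swhks.pid"))?;
    let refused = create_pid_file(&dir, "swhks.pid", std::process::id());
    println!("planted symlink -> {:?}", refused.map_err(|e| e.kind()));
    println!("victim still reads: {}", fs::read_to_string(&victim)?);

    // With the stale entry removed, the file is created fresh with mode 0600.
    fs::remove_file(dir.join("swhks.pid"))?;
    let path = create_pid_file(&dir, "swhks.pid", std::process::id())?;
    println!("created {} -> {}", path.display(), fs::read_to_string(&path)?.trim());
    fs::remove_dir_all(&dir)
}
```

The directory check and the open are separate steps, so the helper assumes the directory's owner is the only party able to change its permissions in between.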

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: Simple-Wayland-HotKey-Daemon (crates.io)
Affected versions: < 1.2.0
Patched versions: 1.2.0

Affected products

2

Patches

1
0b620a09605a

[patch] CVE-2022-27816

https://github.com/waycrate/swhkd · Shinyzenith · Mar 25, 2022 · via ghsa
1 file changed · +1 -1
  • src/server.rs · +1 -1 · modified
    @@ -12,7 +12,7 @@ fn main() -> std::io::Result<()> {
         env::set_var("RUST_LOG", "swhks=trace");
         env_logger::init();
     
    -    let pid_file_path = String::from("/tmp/swhks.pid");
    +    let pid_file_path = String::from(format!("/run/user/{}/swhks.pid", unistd::Uid::current()));
         let sock_file_path = String::from(format!("/run/user/{}/swhkd.sock", unistd::Uid::current()));
     
         if Path::new(&pid_file_path).exists() {
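
Review bot: The new `pid_file_path` line hardcodes `/run/user/{uid}` instead of reading `XDG_RUNTIME_DIR`, so if that directory is absent or the session's runtime directory lives elsewhere, the PID file cannot be created there; consider reading the environment variable and using this path as the fallback. The same applies to the unchanged `sock_file_path` line below it. `String::from(format!(...))` is redundant because `format!` already returns a `String`. The `Path::new(&pid_file_path).exists()` test that follows is still a check-then-act pattern; the code that creates the file is outside this hunk, so confirm that it creates the file exclusively and does not rely on this check.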
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5
