Moderate severityNVD Advisory· Published Apr 7, 2022· Updated Aug 3, 2024

CVE-2022-27819


Description

SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SWHKD 1.1.5 allows unsafe parsing via the -c option, leading to memory exhaustion and potential information leak.

Vulnerability

SWHKD 1.1.5 [1] allows unsafe parsing via the -c option. An attacker can specify any file (e.g., a block device or /dev/zero) as a configuration file, causing the parser to read indefinitely, leading to memory exhaustion. An information leak may also occur if the parser outputs file contents. [1][2]

Exploitation

An attacker must have the ability to invoke swhkd -c (e.g., through a systemd service or local command). By providing a path to a large file or a device file like /dev/zero, the parser will attempt to read the entire input, consuming all available memory until the process is killed or the system becomes unresponsive. [1]

Impact

Successful exploitation results in denial of service (memory exhaustion) of the swhkd daemon, potentially affecting system stability. Additionally, if the parser leaks file contents into error messages or logs, an information disclosure may occur. [1][2]

Mitigation

Upgrade to swhkd version 1.2.0 or later, which fixes this vulnerability. [4] If upgrading is not possible, do not pass untrusted paths or device files to the -c option, and restrict access to the swhkd binary and configuration paths. [1]

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: Simple-Wayland-HotKey-Daemon (crates.io)
Affected versions: < 1.2.0
Patched versions: 1.2.0

Affected products

2

Patches

1
b4e6dc76f484

[patch] CVE-2022-27819

https://github.com/waycrate/swhkdShinyzenithMar 25, 2022via ghsa
3 files changed · +34 21
  • Cargo.lock+19 18 modified
    @@ -104,9 +104,9 @@ checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
     
     [[package]]
     name = "crossbeam-channel"
    -version = "0.5.2"
    +version = "0.5.4"
     source = "registry+https://github.com/rust-lang/crates.io-index"
    -checksum = "e54ea8bc3fb1ee042f5aace6e3c6e025d3874866da222930f70ce62aceba0bfa"
    +checksum = "5aaa7bd5fb665c6864b5f963dd9097905c54125909c7aa94c9e18507cdbe6c53"
     dependencies = [
      "cfg-if",
      "crossbeam-utils",
    @@ -125,10 +125,11 @@ dependencies = [
     
     [[package]]
     name = "crossbeam-epoch"
    -version = "0.9.7"
    +version = "0.9.8"
     source = "registry+https://github.com/rust-lang/crates.io-index"
    -checksum = "c00d6d2ea26e8b151d99093005cb442fb9a37aeaca582a03ec70946f49ab5ed9"
    +checksum = "1145cf131a2c6ba0615079ab6a638f7e1973ac9c2634fcbeaaad6114246efe8c"
     dependencies = [
    + "autocfg",
      "cfg-if",
      "crossbeam-utils",
      "lazy_static",
    @@ -138,9 +139,9 @@ dependencies = [
     
     [[package]]
     name = "crossbeam-utils"
    -version = "0.8.7"
    +version = "0.8.8"
     source = "registry+https://github.com/rust-lang/crates.io-index"
    -checksum = "b5e5bed1f1c269533fa816a0a5492b3545209a205ca1a54842be180eb63a16a6"
    +checksum = "0bf124c720b7686e3c2663cf54062ab0f68a88af2fb6a030e87e30bf721fcb38"
     dependencies = [
      "cfg-if",
      "lazy_static",
    @@ -238,9 +239,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
     
     [[package]]
     name = "libc"
    -version = "0.2.119"
    +version = "0.2.121"
     source = "registry+https://github.com/rust-lang/crates.io-index"
    -checksum = "1bf2e165bb3457c8e098ea76f3e3bc9db55f87aa90d52d0e6be741470916aaa4"
    +checksum = "efaa7b300f3b5fe8eb6bf21ce3895e1751d9665086af2d64b42f19701015ff4f"
     
     [[package]]
     name = "lock_api"
    @@ -253,9 +254,9 @@ dependencies = [
     
     [[package]]
     name = "log"
    -version = "0.4.14"
    +version = "0.4.16"
     source = "registry+https://github.com/rust-lang/crates.io-index"
    -checksum = "51b9bbe6c47d51fc3e1a9b945965946b4c44142ab8792c50835a980d362c2710"
    +checksum = "6389c490849ff5bc16be905ae24bc913a9c8892e19b2341dbc175e14c341c2b8"
     dependencies = [
      "cfg-if",
     ]
    @@ -277,9 +278,9 @@ dependencies = [
     
     [[package]]
     name = "mio"
    -version = "0.8.1"
    +version = "0.8.2"
     source = "registry+https://github.com/rust-lang/crates.io-index"
    -checksum = "7ba42135c6a5917b9db9cd7b293e5409e1c6b041e6f9825e92e55a894c63b6f8"
    +checksum = "52da4364ffb0e4fe33a9841a98a3f3014fb964045ce4f7a45a398243c8d6b0c9"
     dependencies = [
      "libc",
      "log",
    @@ -385,9 +386,9 @@ dependencies = [
     
     [[package]]
     name = "quote"
    -version = "1.0.15"
    +version = "1.0.16"
     source = "registry+https://github.com/rust-lang/crates.io-index"
    -checksum = "864d3e96a899863136fc6e99f3d7cae289dafe43bf2c5ac19b70df7210c0a145"
    +checksum = "b4af2ec4714533fcdf07e886f17025ace8b997b9ce51204ee69b6da831c3da57"
     dependencies = [
      "proc-macro2",
     ]
    @@ -425,9 +426,9 @@ dependencies = [
     
     [[package]]
     name = "redox_syscall"
    -version = "0.2.11"
    +version = "0.2.12"
     source = "registry+https://github.com/rust-lang/crates.io-index"
    -checksum = "8380fe0152551244f0747b1bf41737e0f8a74f97a14ccefd1148187271634f3c"
    +checksum = "8ae183fc1b06c149f0c1793e1eb447c8b04bfe46d48e9e48bfb8d2d7ed64ecf0"
     dependencies = [
      "bitflags",
     ]
    @@ -510,9 +511,9 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
     
     [[package]]
     name = "syn"
    -version = "1.0.86"
    +version = "1.0.89"
     source = "registry+https://github.com/rust-lang/crates.io-index"
    -checksum = "8a65b3f4ffa0092e9887669db0eae07941f023991ab58ea44da8fe8e2d511c6b"
    +checksum = "ea297be220d52398dcc07ce15a209fce436d361735ac1db700cab3b6cdfb9f54"
     dependencies = [
      "proc-macro2",
      "quote",
    
  • Cargo.toml+2 2 modified
    @@ -23,12 +23,12 @@ exclude = [
     clap = "3.1.6"
     env_logger = "0.9.0"
     evdev = { version = "0.11.4", features = ["tokio"] }
    +itertools = "0.10.3"
     log = "0.4.14"
     nix = "0.23.1"
    -sysinfo = "0.23.5"
    -itertools = "0.10.3"
     signal-hook = "0.3.13"
     signal-hook-tokio = { version = "0.3.1", features = ["futures-v0_3"] }
    +sysinfo = "0.23.5"
     tokio = { version = "1.17.0", features = ["full"] }
     tokio-stream = "0.1.8"
     
    
  • src/daemon.rs+13 1 modified
    @@ -85,6 +85,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         }
     
         let load_config = || {
    +        seteuid(env::var("PKEXEC_UID").unwrap().parse::<u32>().unwrap()); // Dropping privileges to invoking user.
             let config_file_path: std::path::PathBuf = if args.is_present("config") {
                 Path::new(args.value_of("config").unwrap()).to_path_buf()
             } else {
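Review bot: The added `seteuid(env::var("PKEXEC_UID").unwrap().parse::<u32>().unwrap())` at the top of the `load_config` closure panics when `PKEXEC_UID` is unset or not a valid `u32`, which is presumably the case whenever the daemon is started as root by something other than pkexec. Resolve the value first, e.g. `let uid = env::var("PKEXEC_UID").ok().and_then(|v| v.parse::<u32>().ok());`, and log an error and exit when it is `None`. The call also changes only the effective UID: the effective GID and supplementary groups are untouched, and nothing visible here checks the file type or size of the `-c` path, so a device or very large file that the invoking user can read would still be read in full. The closure body continues past the end of this hunk.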
    @@ -114,7 +115,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         };
     
         let mut hotkeys = load_config();
    -
    +    seteuid(0); // Escalating back to root after reading config file.
         log::trace!("Attempting to find all keyboard file descriptors.");
         let keyboard_devices: Vec<Device> =
             evdev::enumerate().filter(check_device_is_keyboard).collect();
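Review bot: The `seteuid(0)` that restores root sits at this single call site rather than inside `load_config`, so any other call to the closure outside this hunk (a config reload, if there is one) would leave the process at the invoking user's effective UID. Keeping the drop and the restore together inside the closure, or in a small guard whose `Drop` restores the UID, would make the pairing hold on every path. Since the restore can succeed at all, the real or saved UID is still root, so this is a temporary drop that only narrows file permission checks during the read; the comment should say that, e.g. `// Restore root; the drop in load_config is temporary and only covers the config read.`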
    @@ -399,3 +400,14 @@ pub fn fetch_xdg_config_path() -> std::path::PathBuf {
         };
         config_file_path
     }
    +
    +pub fn seteuid(uid: u32) {
    +    let uid = nix::unistd::Uid::from_raw(uid);
    +    match nix::unistd::seteuid(uid) {
    +        Ok(_) => log::debug!("Dropping privileges..."),
    +        Err(e) => {
    +            log::error!("Failed to set UID: {:#?}", e);
    +            exit(1);
    +        }
    +    }
    +}
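Review bot: `seteuid` logs "Dropping privileges..." on every success, including the `seteuid(0)` call that regains root, so the debug log misreports the direction of the privilege change. Log the target instead: `Ok(_) => log::debug!("Effective UID set to {}", uid),`. The function is `pub` and terminates the process on failure, which deserves a doc comment such as `/// Sets the effective UID; logs the error and exits with status 1 on failure.`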
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
