CVE-2022-27818

9.1 CRITICAL

📋 TL;DR

CVE-2022-27818 is a vulnerability in SWHKD 1.1.5 where the software unsafely uses the /tmp/swhkd.sock pathname, allowing local attackers to cause information leaks or denial of service. This affects systems running SWHKD 1.1.5 with the vulnerable configuration. The issue stems from improper handling of temporary socket files.

💻 Affected Systems

Products:
  • SWHKD
Versions: 1.1.5
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where SWHKD is installed and running. The vulnerability is in the socket path handling.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attackers could intercept sensitive information or crash the SWHKD service, disrupting hotkey functionality system-wide.

🟠 Likely Case

Local users could cause denial of service by interfering with the socket file, preventing SWHKD from functioning properly.

🟢 If Mitigated

With proper access controls and patching, the risk is limited to local users with specific permissions.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the affected system.
🏢 Internal Only: MEDIUM - Local users on multi-user systems could exploit this to disrupt SWHKD functionality.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. The vulnerability involves manipulating the /tmp/swhkd.sock file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.6 and later

Vendor Advisory: https://github.com/waycrate/swhkd/releases

Restart Required: Yes

Instructions:

1. Update SWHKD to version 1.1.6 or later.
2. Stop the SWHKD service.
3. Install the updated version.
4. Restart the SWHKD service.

🔧 Temporary Workarounds

Change socket permissions (linux)

Set restrictive permissions on the /tmp/swhkd.sock file to limit access:

  chmod 600 /tmp/swhkd.sock

Use alternative socket path (linux)

Configure SWHKD to use a socket path outside of /tmp by modifying the SWHKD configuration to point at a different socket path.

🧯 If You Can't Patch

  • Restrict access to the /tmp directory for non-privileged users
  • Monitor for unauthorized access or modifications to /tmp/swhkd.sock

🔍 How to Verify

Check if Vulnerable:

Check if SWHKD version is 1.1.5 and if /tmp/swhkd.sock exists with insecure permissions

Check Version:

swhkd --version

Verify Fix Applied:

Verify SWHKD version is 1.1.6 or later and check socket file permissions
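The two verification steps above (version check and socket permission check), as an added shell script that is not from the advisory or from the swhkd project. It assumes Linux with a GNU or busybox `stat -c`, and that `swhkd --version` prints a dotted version number somewhere in its output (an assumption; the advisory only names the command). Besides the mode bits it also flags a /tmp/swhkd.sock that is a symlink or owned by another user, since either makes the path unsafe for the daemon to reuse.

```shell
#!/bin/sh
# Added example for CVE-2022-27818, not code from the advisory or from the swhkd project.
# Assumes Linux with GNU/busybox `stat -c`, and that `swhkd --version` prints a dotted
# version number somewhere in its output (an assumption; the advisory does not show it).
SOCK=/tmp/swhkd.sock   # socket path named in the advisory

# version_fixed VERSION -> exit 0 if VERSION is 1.1.6 or later (the advisory's patch version)
version_fixed() {
    printf '%s\n' "$1" | awk -F. '{
        maj = $1 + 0; min = $2 + 0; pat = $3 + 0
        if (maj > 1 || (maj == 1 && min > 1) || (maj == 1 && min == 1 && pat >= 6)) exit 0
        exit 1
    }'
}

# socket_risk PATH -> exit 0 and print why when PATH is unsafe for the daemon to reuse
# (symlink, owned by someone else, or group/other writable); exit 1 if absent or clean.
socket_risk() {
    p="$1"
    [ -L "$p" ] && { echo "$p is a symlink to $(readlink "$p")"; return 0; }
    [ -e "$p" ] || return 1
    owner=$(stat -c %u "$p"); mode=$(stat -c %a "$p")
    mode=${mode#"${mode%???}"}     # keep only the last three octal digits (drop setuid/sticky)
    [ "$owner" = "$(id -u)" ] || { echo "$p is owned by uid $owner, not uid $(id -u)"; return 0; }
    case "$mode" in
        ?[2367]?|??[2367]) echo "$p is group/other writable (mode $mode)"; return 0 ;;
    esac
    return 1
}

# check_swhkd -> exit 0 only if the installed swhkd is patched and the socket path looks clean
check_swhkd() {
    ver=$(swhkd --version 2>&1 | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | head -n 1)
    status=0
    if [ -z "$ver" ]; then
        echo "could not parse swhkd version"; status=1
    elif version_fixed "$ver"; then
        echo "swhkd $ver: patched (1.1.6 or later)"
    else
        echo "swhkd $ver: VULNERABLE to CVE-2022-27818, update to 1.1.6 or later"; status=1
    fi
    if reason=$(socket_risk "$SOCK"); then
        echo "socket path risk: $reason"; status=1
    fi
    return $status
}

if command -v swhkd >/dev/null 2>&1; then check_swhkd; fi   # live check only when swhkd is installed
```

Run it as the user that starts swhkd. A chmod applied as a workaround only covers the socket inode that exists at that moment, so re-run the check after each restart of the service.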

📡 Detection & Monitoring

Log Indicators:

  • Failed SWHKD service starts
  • Permission denied errors for /tmp/swhkd.sock

Network Indicators:

  • Local socket connection attempts to /tmp/swhkd.sock

SIEM Query:

process:swhkd AND file_path:/tmp/swhkd.sock

🔗 References
