CVE-2022-27817
Rust vulnerability analysis and mitigation

Overview

SWHKD 1.1.5 contains a vulnerability where it consumes keyboard events of unintended users. The vulnerability was discovered in April 2022 and affects the keyboard event handling functionality in SWHKD, a hotkey daemon for the Wayland graphics system (Openwall).

Technical details

The daemon listens for input events at the uinput device level, so it affects keyboard input devices across all sessions, including other Wayland sessions and text mode consoles. While the vulnerability could theoretically be used to log sensitive information such as passwords from other users, recognized hotkey events are discarded by the daemon, so in practice it functions primarily as a denial of service (Openwall).

Impact

The main impact is a denial of functionality for other users, as regular key presses configured as hotkeys stop working for unintended users. While there is potential for information leakage of keyboard events, the primary effect is disruption of keyboard functionality (Openwall).

Mitigation and workarounds

As of the 1.2.0 release, this vulnerability remains unfixed because a fix requires significant architectural changes. The suggested fix involves establishing systemd Session Context and pausing operations when active sessions change, but this solution has scalability concerns and portability issues across different init systems (GitHub Releases).
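The sketch below illustrates the "pause when the active session changes" idea from the suggested fix. It is an added example, not SWHKD code: `parse_session` and `may_consume_events` are hypothetical names, the property text is constructed sample data in the `KEY=value` format printed by `loginctl show-session`, and it assumes a systemd-logind system.

```rust
use std::collections::HashMap;

// Constructed samples in the KEY=value format of `loginctl show-session <id>`.
const ALICE_FOREGROUND: &str =
    "Id=2\nUser=1000\nName=alice\nSeat=seat0\nType=wayland\nActive=yes\nState=active\n";
const ALICE_BACKGROUND: &str =
    "Id=2\nUser=1000\nName=alice\nSeat=seat0\nType=wayland\nActive=no\nState=online\n";

#[derive(Debug, PartialEq)]
struct Session {
    uid: u32,
    seat: String,
    active: bool,
}

/// Parse the properties the gate needs; None if any is missing or malformed.
fn parse_session(props: &str) -> Option<Session> {
    let kv: HashMap<&str, &str> = props.lines().filter_map(|l| l.split_once('=')).collect();
    Some(Session {
        uid: kv.get("User")?.trim().parse().ok()?,
        seat: kv.get("Seat")?.trim().to_string(),
        active: kv.get("Active")?.trim() == "yes",
    })
}

/// Hypothetical gate: the daemon may consume keyboard events only while the
/// session it serves is the foreground session of the expected user and seat.
fn may_consume_events(owner_uid: u32, seat: &str, props: &str) -> bool {
    match parse_session(props) {
        Some(s) => s.active && s.uid == owner_uid && s.seat == seat,
        None => false, // fail closed: unknown session state means no grabbing
    }
}

fn main() {
    // Same session before and after a switch to another user's console.
    for (label, props) in [("foreground", ALICE_FOREGROUND), ("background", ALICE_BACKGROUND)] {
        println!("{label}: consume = {}", may_consume_events(1000, "seat0", props));
    }
}
```

A daemon using such a gate would have to re-evaluate it on every session change, which is where the scalability and init-system portability concerns noted above come from.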

Community reactions

The vulnerability was discovered during a security review by the SUSE security team when evaluating the package for openSUSE Tumbleweed. The developers acknowledged the issue but noted the complexity of implementing a complete fix without compromising performance or portability (Openwall).

This report was generated using AI.

Related Rust vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| GHSA-2cgv-28vr-rv6j | HIGH | 8.8 | Rust | libcrux-intrinsics | No | Yes | Dec 04, 2025 |
| GHSA-xrv8-2pf5-f3q7 | MEDIUM | 6 | Rust | nitro-tpm-pcr-compute | No | Yes | Dec 05, 2025 |
| GHSA-mj73-j457-8x9q | LOW | 2.7 | Rust | maxminddb | No | Yes | Dec 02, 2025 |
| GHSA-pq5v-rwp8-p7gm | LOW | 2.7 | Rust | rtvm-interpreter | No | No | Dec 02, 2025 |
| RUSTSEC-2025-0133 | N/A | N/A | Rust | libcrux-intrinsics | No | Yes | Dec 04, 2025 |
