CVE-2022-27818: 
Rust vulnerability analysis and mitigation

SWHKD 1.1.5, a hotkey daemon written in Rust for the Wayland graphics system, contains a vulnerability where it unsafely uses the /tmp/swhkd.sock pathname for its UNIX domain socket. The vulnerability was discovered in March 2022 and disclosed in April 2022, affecting the communication between the daemon (swhkd) and server (swhks) components of the software (Openwall Report).

The vulnerability stems from the daemon connecting to a fixed UNIX domain socket path at /tmp/swhkd.sock for communication with the unprivileged swhks sibling process. This implementation creates a security risk as the socket file is created in a directory with insecure permissions, allowing potential unauthorized access (CWE Report).

The vulnerability can lead to two primary security issues: a local denial of service (DoS) where an attacker can pre-create the pathname to prevent the daemon from sending hotkey events and block the unprivileged server component from starting up successfully, and a local information leak where an attacker can place their own UNIX domain socket to intercept hotkey events containing potentially sensitive command execution data (Openwall Report).

The vulnerability was addressed by upstream developers by relocating the socket into the unprivileged user's private /run/user/$UID directory. This fix was implemented in commit 3187d7fc75fe5833f903b342941eebc1a56e5979 and was included in version 1.2.0 of SWHKD (GitHub Release).