PT-2022-3831 · Swhkd · Swhkd

Matthias Gerstner

Published

2022-03-24

Updated

2022-04-21

CVE-2022-27817

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions SWHKD version 1.1.5

Description The issue is related to the consumption of keyboard events by SWHKD, potentially causing an information leak or denial of functionality. It is associated with shortcomings in the controlled area system boundaries of the Wayland display server protocol implementation. Exploitation of this issue could allow an attacker to cause a denial of service.

Recommendations For SWHKD version 1.1.5, consider disabling the consumption of keyboard events by unintended users as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of an information leak.

Exploit

Fix

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668

Related Identifiers

BDU:2022-04630

CVE-2022-27817

GHSA-H5WH-7H2J-H999

Affected Products

Swhkd

PT-2022-3831 · Swhkd · Swhkd

CVE-2022-27817

Weakness Enumeration

Related Identifiers

Affected Products

References · 8