Millions of HP OMEN laptop and desktop gaming computers are exposed to attacks by a high severity vulnerability that can let threat actors trigger denial of service states or escalate privileges and disable security solutions.
The security flaw (tracked as CVE-2021-3437) was found in a driver used by the OMEN Gaming Hub software that comes pre-installed on all HP OMEN desktops and laptops.
CVE-2021-3437 is caused by HP’s choice to use vulnerable code partially copied from WinRing0.sys, an open source driver, to build the HpPortIox64.sys driver the OMEN Gaming Hub software uses to read/write kernel memory, PCI configurations, IO ports, and Model-Specific Registers (MSRs).
The complete list of vulnerable devices is available here and it includes OMEN and HP Pavilion gaming laptops, as well as HP ENVY, HP Pavilion, and OMEN desktop gaming systems.
Millions of devices and users impacted
OMEN Gaming Hub can be used to boost one’s gaming experience through overclocking, optimizing system settings for various gaming profiles, adjusting lighting on gaming devices and accessories, and a lot more.
Considering that the software can also be downloaded from the Microsoft Store and installed on any Windows 10 computer with peripheral accessories sold under HP’s OMEN brand, millions of PCs worldwide are impacted by this flaw.
“An exploitable kernel driver vulnerability can lead an unprivileged user to SYSTEM, since the vulnerable driver is locally available to anyone,” as SentinelOne researchers explained in a report published today.
“This high severity flaw, if exploited, could allow any user on the computer, even without privileges, to escalate privileges and run code in kernel mode.”
Once attackers gain SYSTEM privileges on targeted HP OMEN devices, they can easily disable security products, overwrite system components with malicious payloads, corrupt the underlying operating system, or perform any other malicious tasks they choose.
The list of software products impacted by this vulnerability includes:
- HP OMEN Gaming Hub prior to version 11.6.3.0
- HP OMEN Gaming Hub SDK Package prior to 1.0.44
Security patches available since July
HP has released patches for this high severity vulnerability through the Microsoft Store on July 27 and has published a security advisory earlier.
SentinelOne also shared their findings in today’s report to warn users to update their software and defend their systems against attackers using CVE-2021-3437 exploits.
“While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, using any OMEN-branded PC with the vulnerable driver utilized by OMEN Gaming Hub makes the user potentially vulnerable,” SentinelOne warned.
“Therefore, we urge users of OMEN PC’s to ensure they take appropriate mitigating measures without delay.”
Today’s report follows another one published by SentinelOne last month regarding a 16-year-old security vulnerability found in an HP, Xerox, and Samsung printers driver, which allows attackers to gain admin rights on systems using the vulnerable software.
Earlier this year, SentinelOne researchers also found a 12-year-old privilege escalation bug in Microsoft Defender Antivirus (formerly Windows Defender) that threat actors can exploit to gain admin rights on unpatched Windows systems.
Source: https://www.bleepingcomputer.com/news/security/millions-of-hp-omen-gaming-pcs-impacted-by-driver-vulnerability/