HP patches extreme OMEN driver privilege escalation vulnerability

A high-impact vulnerability in OMEN Command Heart driver software program has been patched by HP.

On Tuesday, researchers from SentinelLabs revealed a technical deep-dive on the bug, tracked as CVE-2021-3437 and issued with a CVSS rating of seven.8. 

SentinelLabs says the high-severity flaw impacts “tens of millions of gadgets worldwide,” together with all kinds of OMEN gaming laptops and desktops, in addition to HP Pavilion and HP ENVY fashions.

Discovered by SentinelLabs researcher Kasif Dekel, CVE-2021-3437 is a privilege escalation vulnerability within the HP OMEN Command Heart. The gaming hub can be utilized to regulate settings to a gamer’s desire — together with fan speeds and overclocking — in addition to to watch a PC and community’s total efficiency.

A driver developed by HP and utilized by the software program, HpPortIox64.sys, is the supply of the safety challenge. Based on the researchers, code partially comes from WinRing0.sys, an OpenLibSys driver used to handle actions together with learn/write kernel reminiscence. 

“The hyperlink between the 2 drivers can readily be seen as on some signed HP variations the metadata info exhibits the unique filename and product title,” SentinelLabs famous.

Privilege escalation bugs have been discovered within the WinRing0.sys driver prior to now, together with flaws that permit customers to take advantage of the IOCTLs interface to carry out high-level actions.

A number of traces of code within the driver’s IOCTL system name perform “permit person mode purposes with low privileges to learn/write 1/2/four bytes to or from an IO port,” the group says, which might probably be exploited to permit unprivileged customers to conduct system-level actions.

“This excessive severity flaw, if exploited, might permit any person on the pc, even with out privileges, to escalate privileges and run code in kernel mode,” the researchers say. “Among the many apparent abuses of such vulnerabilities are that they may very well be used to bypass safety merchandise. An attacker with entry to a company’s community might also acquire entry to execute code on unpatched programs and use these vulnerabilities to realize native elevation of privileges. Attackers can then leverage different methods to pivot to the broader community, like lateral motion.”

HP OMEN Gaming Hub previous to model 11.6.3.Zero and the HP OMEN Gaming Hub SDK Bundle, previous to 1.0.44, are impacted. On the time of writing, there isn’t a proof that the bug has been exploited within the wild. 

SentinelLabs reported its findings on February 17, 2021. By Might 14, HP despatched a proposed repair to the researchers, but it surely was discovered that the patch was not ample. The tech large’s safety group then modified its tactic and disabled the weak function to resolve the safety flaw, delivered on June 7. A patched model of the software program was made obtainable on July 27 within the Microsoft Retailer.

“We want to thank HP for his or her method to our disclosure and for remediating the vulnerabilities rapidly,” the researchers commented. “We urge customers of those merchandise to make sure they take applicable mitigating measures directly.”

HP has revealed a safety advisory on CVE-2021-3437, describing the flaw as a privilege escalation and denial-of-service challenge.

“We consistently monitor the safety panorama and worth work that helps us establish new potential threats,” HP instructed ZDNet. “Now we have posted a safety bulletin. The safety of our prospects is all the time a high precedence and we urge all prospects to maintain their programs updated.”

Earlier and associated protection

Have a tip? Get in contact securely through WhatsApp | Sign at +447713 025 499, or over at Keybase: charlie0

Supply hyperlink

Leave a Reply