HP finds serious vulnerability in OMEN desktops and notebooks

If you have an HP desktop or notebook, specifically one from the OMEN range (although Envy and Pavilion models can also be affected), you'd better be careful. A dangerous vulnerability has recently been identified in a driver used by the OMEN Gaming Hub software, which is installed as standard on all OMEN devices. The bug, tracked as CVE-2021-3437 and reported by colleagues at Bleeping Computer, stems from the manufacturer's choice to build the HpPortIox64.sys file using vulnerable code partially copied from the open source WinRing0.sys driver. OMEN Gaming Hub uses HpPortIox64.sys to read and write kernel memory, PCI configurations, I/O ports and Model-Specific Registers (MSRs).

According to an article published by SentinelOne researchers:

An exploitable kernel driver vulnerability can lead an unprivileged user to SYSTEM, as the vulnerable driver is locally available to anyone. This very serious bug, if exploited, could allow any user of the computer, even without permissions, to increase privileges and execute code in kernel mode. Once attackers gain SYSTEM privileges on affected HP OMEN devices, they can easily disable security software, overwrite system components with malicious payloads, corrupt the underlying operating system, or perform any other activity.

The software versions affected by this vulnerability are:

HP OMEN Gaming Hub prior to version 11.6.3.0

HP OMEN Gaming Hub SDK Package prior to version 1.0.44

HP recommends downloading the updated versions via the Microsoft Store to stay safe from attacks that could undermine the security of your systems. According to SentinelOne, although no exploitation of this vulnerability has been observed so far, using any OMEN-branded PC with outdated software leaves the user potentially vulnerable.
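For anyone checking more than one machine, the version thresholds above can be applied to a software inventory export. The following is an added example, not code from HP, SentinelOne or the article; the CSV layout and hostnames are constructed, and the product names are assumed to match the inventory's naming.

```python
import csv
import io

# First fixed versions, taken from the affected-software list above.
FIXED = {
    "HP OMEN Gaming Hub": (11, 6, 3, 0),
    "HP OMEN Gaming Hub SDK Package": (1, 0, 44),
}

# Constructed sample inventory (hypothetical hostnames and export format).
SAMPLE_INVENTORY = """host,product,version
omen-01,HP OMEN Gaming Hub,11.6.2.0
omen-02,HP OMEN Gaming Hub,11.10.0.0
omen-03,HP OMEN Gaming Hub,11.6.3.0
build-07,HP OMEN Gaming Hub SDK Package,1.0.43
build-08,HP OMEN Gaming Hub SDK Package,1.0.44
omen-04,HP OMEN Gaming Hub,unknown
"""


def parse_version(text):
    """Return a tuple of ints, or None if the string is not a dotted number."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(product, version_text):
    """Return 'vulnerable', 'fixed', 'unknown' or 'not-applicable'."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "not-applicable"
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # needs manual review; never assume patched
    # Compare numerically: as strings, "11.10.0.0" sorts before "11.6.3.0".
    # Pad to equal length so 1.0.44 and 1.0.44.0 compare as equal.
    width = max(len(version), len(fixed))
    padded = version + (0,) * (width - len(version))
    target = fixed + (0,) * (width - len(fixed))
    return "vulnerable" if padded < target else "fixed"


def triage(inventory_csv):
    """Map each host in the CSV to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}
```

Hosts that come back as `unknown` should be checked by hand rather than treated as patched.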