On Tuesday, cybersecurity researchers revealed details about a severe flaw in the driver software of HP’s OMEN line of laptops. This flaw affects millions of gaming PCs, exposing them to an array of cyberattacks.
The vulnerability, tracked as CVE-2021-3437, could allow cybercriminals to escalate privileges to kernel mode without first obtaining administrator permissions. They could then overwrite system components, disable security products, or even corrupt the operating system. The flaw was found in a driver used by the OMEN Gaming Hub software, which comes pre-installed on all HP OMEN laptops and desktops.
The list of vulnerable HP OMEN Gaming Hub versions includes:
- HP OMEN Gaming Hub prior to version 22.214.171.124
- HP OMEN Gaming Hub SDK Package prior to version 1.0.44
The OMEN Gaming Hub can be used as a PC optimizer for playing games. It’s designed to make automatic adjustments to fan speeds and control lighting and accessories to ensure the best gaming experience.
SentinelOne, the cybersecurity company that reported the shortcoming to HP on February 17, says it found no evidence of exploitation by bad actors. The company has since published a security update to advise its customers about these vulnerabilities and urge them to update their software.
“While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, using any OMEN-branded PC with the vulnerable driver utilized by OMEN Gaming Hub makes the user potentially vulnerable,” SentinelOne researchers warned, adding: “Therefore, we urge users of OMEN PCs to ensure they take appropriate mitigating measures without delay.”
The report also stated: “The problem is that HP OMEN Command Center includes a driver that, while ostensibly developed by HP, is actually a partial copy of another driver full of known vulnerabilities.”
“In the right circumstances, an attacker with access to an organization’s network may also gain access to execute code on unpatched systems and use these vulnerabilities to gain local elevation of privileges. Attackers can then leverage other techniques to pivot to the broader network, like lateral movement.”
Earlier this year, SentinelOne researchers discovered a 12-year-old privilege-escalation bug in Microsoft Defender Antivirus, and last month the company published a report about a 16-year-old security vulnerability found in an HP, Xerox, and Samsung printer driver.