"Millions of HP OMEN Gaming PCs Impacted by Driver Vulnerability"

Researchers at the cybersecurity firm SentinelOne have released details about a flaw in the HP OMEN driver software, which leaves millions of HP OMEN gaming laptops and desktop computers exposed to attacks. The security vulnerability, tracked as CVE-2021-3437, was found in a driver used by the OMEN Gaming Hub software that is pre-installed on all HP OMEN desktops and laptops. The flaw stems from HP's use of vulnerable code partially copied from an open-source driver to build the driver used by the OMEN Gaming Hub software for reading/writing kernel memory, PCI configurations, IO ports, and Model-Specific Registers (MSRs). Using the OMEN Gaming Hub, one can boost their gaming experience through overclocking, optimizing system settings for various gaming profiles, adjusting lighting on gaming devices and accessories, and more. Millions of PCs worldwide are impacted by the flaw as the software can also be downloaded from the Microsoft Store and installed on any Windows 10 computer with peripheral accessories sold under HP's OMEN brand. The exploitation of the flaw could allow attackers to escalate privileges and run code in kernel mode. If an attacker gains SYSTEM privileges on a targeted HP OMEN device, they could disable security products, corrupt the underlying operating system, and perform other malicious activities. This article continues to discuss the cause and potential impact of the driver vulnerability, and the patches released by HP to address it. 

Bleeping Computer reports "Millions of HP OMEN Gaming PCs Impacted by Driver Vulnerability"