Millions of HP OMEN gaming PCs impacted by driver vulnerability

Bleeping Computer -

Millions of HP OMEN laptop and desktop gaming computers are exposed to attacks by a high severity vulnerability that can let threat actors trigger denial of service states or escalate privileges and disable security solutions.

The security flaw (tracked as CVE-2021-3437) was found in a driver used by the OMEN Gaming Hub software that comes pre-installed on all HP OMEN desktops and laptops.

CVE-2021-3437 is caused by HP’s choice to use vulnerable code partially copied from WinRing0.sys, an open source driver, to build the HpPortIox64.sys driver the OMEN Gaming Hub software uses to read/write kernel memory, PCI configurations, IO ports, and Model-Specific Registers (MSRs).

The complete list of vulnerable devices is available here and it includes OMEN and HP Pavilion gaming laptops, as well as HP ENVY, HP Pavilion, and OMEN desktop gaming systems.

Millions of devices and users impacted

OMEN Gaming Hub can be used to boost one’s gaming experience through overclocking, optimizing system

The post Millions of HP OMEN gaming PCs impacted by driver vulnerability first appeared first on Bleeping Computer.

Read More.....