Millions of OMEN HP Gaming PCs At Risk of Cyberattack due to Driver Vulnerability

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Millions of OMEN HP Gaming PCs At Risk of Cyberattack due to Driver Vulnerability

Millions of HP OMEN Laptops and Gaming Desktops are at risk of cyberattacks due to a Severe Vulnerability (CVE-2021-3437). Exploiting the issue allows attackers to cause a denial of service state or to elevate privileges on the system and disable security solutions.

The problem is in the driver used by the OMEN Gaming Hub software. The software is preinstalled on all HP OMEN desktops and notebooks. The vulnerability stems from HP’s decision to use vulnerable code copied in part from WinRing0.sys (an open source driver) to create the HpPortIox64.sys driver that OMEN Gaming Hub software uses to read and write kernel memory, PCI configurations, input ports, and output and Model-specific register.

The vulnerability affects HP OMEN Gaming Hub versions prior to 11.6.3.0 and HP OMEN Gaming Hub SDK Package versions prior to 1.0.44. The issue affects OMEN and HP Pavilion gaming laptops and HP ENVY, HP Pavilion and OMEN desktop gaming systems.

The OMEN Gaming Hub

Read the article