Serious Flaw Found in HP OMEN Driver

A serious flaw has been found in the driver of a popular PC gaming software used by millions. 

Researchers from SentinelLabs published details of the vulnerability in the HP Omen Gaming Hub on September 14. They said that attackers could exploit the flaw to locally escalate to kernel-mode privileges.

“With this level of access, attackers can disable security products, overwrite system components, corrupt the OS, or perform any malicious operations unimpeded,” wrote researchers. 

Omen comes preinstalled on all HP OMEN desktops and laptops and can be used to control and optimize settings such as device GPU, fan speeds, CPU overclocking, memory and more. 

The vulnerability was reported to HP on February 17, 2021, and was later given a Common Vulnerability Scoring System (CVSS) score of 7.8, making it a high-severity flaw. 

No evidence of the flaw’s being exploited in the wild was discovered by SentinelOne. 

“While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, using any OMEN-branded PC with the vulnerable driver utilized by OMEN Gaming Hub makes the user potentially vulnerable,” noted researchers. “Therefore, we urge users of OMEN PCs to ensure they take appropriate mitigating measures without delay.”

Commenting on the newly unearthed flaw, Jamie Boote, security consultant at the Synopsys Software Integrity Group, said, "With the rise of remote workers during the Covid-19 Pandemic, the collision between corporate IT environments and personal hardware will only rise as employees supply more of their own hardware to continue to customize and equip their home offices. 

“It is impossible to anticipate all potential driver and hardware vulnerabilities that can arise from these situations, so it is important for IT departments to recognize and react to threats such as these when they’re made public.”

Boote added that the enforcement of proactive security measures such as keeping up with threat intelligence feeds, limiting software installations to only approved software sources and maintaining approved workstation images can limit the impact of threats such as this gaming hub privilege escalation bug. 

“Perhaps this vulnerability is a reminder of why it’s called 'The Bleeding Edge,'” said Boote.

What’s Hot on Infosecurity Magazine?