HP OMEN Gaming Hub

Main article: Gaming computers

2021: Detect a vulnerability to cause a denial-of-service condition

Millions of portable and desktop gaming computers HP OMEN are at risk cyber attacks due to dangerous vulnerabilities (CVE-2021-3437). The operation of the problem allows attackers to cause a denial of service state or increase privileges on the system and disable security solutions. This became known on September 15, 2021.

HP Omen 15-ek1017ur 15.6 "

The problem is contained in the driver used by software OMEN Gaming Hub. ON preinstalled on all desktop computers and HP laptops OMEN. The vulnerability is related to HP's decision to use vulnerable code, partially copied from the WinRing0.sys (driver c), open source to create the HpPortIox64.sys driver, which OMEN software Gaming Hub uses to read and write kernel memory, PCI configurations, input and output ports, and model-specific registers (Model-specific register).

The vulnerability affects HP OMEN Gaming Hub versions up to 11.6.3.0 and HP OMEN Gaming Hub SDK Package versions up to 1.0.44. The problem affects OMEN and HP Pavilion gaming laptops, as well as HP ENVY, HP Pavilion and OMEN desktop gaming systems.

OMEN Gaming Hub can be used to improve gameplay by accelerating, optimizing system settings for various game profiles, adjusting the lighting of gaming devices and accessories, etc. Considering that the software can also be downloaded from the Microsoft Store and installed on any computer running Windows 10 with peripheral accessories sold under the HP OMEN brand, the problem affects millions of computers around the world.

By elevating privileges to SYSTEM on HP OMEN devices, attackers can easily disable security security solutions, overwrite system components, harmful data damage the base operating system , or perform any other malicious actions of their choice.

HP has released fixes for this vulnerability^[1].

Notes