A privilege escalation flaw has been discovered which could affect the online safety and privacy of LG laptop users. According to the online security expert who discovered the flaw, this loophole is relatively easy for hackers to take advantage of.
Security expert and researcher Jackson T. found the flaw while analyzing the LG Device Manager system and in doing so was able to track the flaw as CVE-2019-8372. At the time, Jackson was merely evaluating the LG Device Manager’s low-level hardware access (LHA) kernel-mode driver.
The LHA kernel-mode driver is responsible for loading the driver whenever it identifies the following substrings in the BIOS Product Name:
- T350
- 10T370
- 15U560
- 14Z960
- 14ZD960
- 15Z960
- 15ZD960
In a nutshell, the driver loads with models that contain the 6th-gen Intel Core processors such as the Skylake platform.
However, the focus of Jackson’s analysis was the lha32.sys and basic lha.sys files that are conveyed through 1.1.1703.1700.
According to Jackson, this loophole exposes the device to attackers who could use their non-admin access to exploit the Device Manager app and use it to increase their SYSTEM privileges.
When loaded, the driver creates a device that can be accessed by non-administrative users, thus making it vulnerable to those users who could easily escalate their privileges. Otherwise, this driver is ordinarily used for Low-level Hardware Access (LHA), although it does incorporate IOCTL dispatch functions as well. The latter can be used to read and write random physical memory.
According to reports, Jackson discovered the flaw on November 11 and alerted LG about it on November 18.
LG gave Jackson an updated version of the driver so he could test it for any loopholes it might have and the expert was able to confirm that the driver was now working optimally with no weak points. On February 13, LG informed Jackson that they were working on a patch that would be released momentarily.
Meanwhile, Jackson was proactive enough to create a video PoC for the vulnerability, in addition to developing proof-of-concept (PoC) exploits that could be used for Windows 7 and Windows 10 systems.