A security expert who goes online with the moniker Jackson T. has discovered the flaw, tracked as CVE-2019-8372, while analyzing the tool’s low-level hardware access (LHA) kernel-mode driver, which is associated with the LG Device Manager system service.
The LHA kernel-mode driver (lha.sys/lha32.sys, v1.1.1703.1700) is associated with the LG Device Manager system service that loads the driver if it detects that the Product Name in the BIOS has one of the following substrings: T350, 10T370, 15U560, 15UD560, 14Z960, 14ZD960, 15Z960, 15ZD960, or Skylake Platform. This means that the driver loads with those associated models which happen to have the 6th-gen Intel Core processors (Skylake).
The researcher focused its analysis on the lha.sys and lha32.sys files shipped with version 1.1.1703.1700.
The vulnerability could allow an attacker who already has non-admin access to the targeted device to abuse the Device Manager app to escalate privileges to SYSTEM.
“This driver is used for Low-level Hardware Access (LHA) and includes IOCTL dispatch functions that can be used to read and write to arbitrary physical memory. When it is loaded, the device created by the driver is accessible to non-administrative users which could allow them to leverage those functions to elevate privileges,” the researcher explained.
The flaw was discovered on November 11 and Jackson reported it to LG on November 18.
LG provided the expert with an updated version of the driver for testing purposes a week after he notified the vendor. The researcher confirmed that the fix was correctly working. LG informed the expert on February 13 that a patch is being released.
The researcher developed proof-of-concept (PoC) exploits for Windows 7 and Windows 10, he also published a video PoC for the vulnerability.
Technical details about the issue are reported in a blog post published by the expert.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – LG Device Manager flaw, hacking)
[adrotate banner="5"]
[adrotate banner=”13″]
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by…
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
This website uses cookies.