Expert found privilege escalation issue in LG Device Manager

Pierluigi Paganini February 19, 2019

Security expert discovered a privilege escalation flaw that could be exploited by attackers to elevate permissions to SYSTEM in the LG Device Manager application for LG laptops.

A security expert who goes online with the moniker Jackson T. has discovered the flaw, tracked as CVE-2019-8372, while analyzing the tool’s low-level hardware access (LHA) kernel-mode driver, which is associated with the LG Device Manager system service.

LG Device Manager flaw

The LHA kernel-mode driver (lha.sys/lha32.sys, v1.1.1703.1700) is associated with the LG Device Manager system service that loads the driver if it detects that the Product Name in the BIOS has one of the following substrings: T350, 10T370, 15U560, 15UD560, 14Z960, 14ZD960, 15Z960, 15ZD960, or Skylake Platform. This means that the driver loads with those associated models which happen to have the 6th-gen Intel Core processors (Skylake).

The researcher focused its analysis on the lha.sys and lha32.sys files shipped with version 1.1.1703.1700.

The vulnerability could allow an attacker who already has non-admin access to the targeted device to abuse the Device Manager app to escalate privileges to SYSTEM.

“This driver is used for Low-level Hardware Access (LHA) and includes IOCTL dispatch functions that can be used to read and write to arbitrary physical memory. When it is loaded, the device created by the driver is accessible to non-administrative users which could allow them to leverage those functions to elevate privileges,” the researcher explained.

The flaw was discovered on November 11 and Jackson reported it to LG on November 18.

LG provided the expert with an updated version of the driver for testing purposes a week after he notified the vendor. The researcher confirmed that the fix was correctly working. LG informed the expert on February 13 that a patch is being released.

The researcher developed proof-of-concept (PoC) exploits for Windows 7 and Windows 10, he also published a video PoC for the vulnerability.

Technical details about the issue are reported in a blog post published by the expert.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – LG Device Manager flaw, hacking)

[adrotate banner="5"]

[adrotate banner=”13″]



you might also like

leave a comment