Security expert discovered a privilege escalation flaw that could be exploited by attackers to elevate permissions to SYSTEM in the LG Device Manager application for LG laptops.
A security expert who goes online with the moniker Jackson T. has discovered the flaw, tracked as CVE-2019-8372, while analyzing the tool’s low-level hardware access (LHA) kernel-mode driver, which is associated with the LG Device Manager system service.
The LHA kernel-mode driver (lha.sys/lha32.sys, v1.1.1703.1700) is associated with the LG Device Manager system service that loads the driver if it detects that the Product Name in the BIOS has one of the following substrings: T350, 10T370, 15U560, 15UD560, 14Z960, 14ZD960, 15Z960, 15ZD960, or Skylake Platform. This means that the driver loads with those associated models which happen to have the 6th-gen Intel Core processors (Skylake).
The researcher focused its analysis on the lha.sys and lha32.sys files shipped with version 1.1.1703.1700.
The vulnerability could allow an attacker who already has non-admin access to the targeted device to abuse the Device Manager app to escalate privileges to SYSTEM.
“This driver is used for Low-level Hardware Access (LHA) and includes IOCTL dispatch functions that can be used to read and write to arbitrary physical memory. When it is loaded, the device created by the driver is accessible to non-administrative users which could allow them to leverage those functions to elevate privileges,” the researcher explained.
The flaw was discovered on November 11 and Jackson reported it to LG on November 18.
LG provided the expert with an updated version of the driver for testing purposes a week after he notified the vendor. The researcher confirmed that the fix was correctly working. LG informed the expert on February 13 that a patch is being released.
The researcher developed proof-of-concept (PoC) exploits for Windows 7 and Windows 10, he also published a video PoC for the vulnerability.
Technical details about the issue are reported in a blog post published by the expert.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.