A security expert who goes online with the moniker Jackson T. has discovered the flaw, tracked as CVE-2019-8372, while analyzing the tool’s low-level hardware access (LHA) kernel-mode driver, which is associated with the LG Device Manager system service.
The LHA kernel-mode driver (
The vulnerability could allow an attacker who already has non-admin access to the targeted device to abuse the Device Manager app to escalate privileges to SYSTEM.
“This driver is used for Low-level Hardware Access (LHA) and includes IOCTL dispatch functions that can be used to read and write to arbitrary physical memory. When it is loaded, the device created by the driver is accessible to non-administrative users which could allow them to leverage those functions to elevate privileges,” the researcher explained.
The flaw was discovered on November 11 and Jackson reported it to LG on November 18.
LG provided the expert with an updated version of the driver for testing purposes a week after he notified the vendor. The researcher confirmed that the fix was correctly working. LG informed the expert on February 13 that a patch is being released.
The researcher developed proof-of-concept (PoC) exploits for Windows 7 and Windows 10, he also published a video PoC for the vulnerability.
Technical details about the issue are reported in a blog post published by the expert.