The CVE-2021-3438 Vulnerability
New information has recently been revealed regarding a severe printer driver security issue that was not discovered for almost a decade. The issue concerns HP, Xerox, and Samsung printers and, according to researchers, could possibly lead to escalation of privilege attacks.
With a CVSS score of 8.8, the flaw is tracked as CVE-2021-3438 and revolves around a printer driver installation package named “SSPORT.SYS”, which contains a buffer overflow that may be used to run remote code and give an attacker elevated privileges. It is estimated that hundreds of millions of printers have been distributed with this vulnerable driver to date. The good news is that there is no evidence that the flaw has been used in actual attacks so far.
However, an advisory issued in May this year warned that a buffer overflow in some HP LaserJet and Samsung printer software drivers may result in an escalation of privilege.
The threat intelligence experts from SentinelLabs brought the problem to HP’s attention on February 18, 2021, after which HP released a patch for the impacted printers on May 19, 2021.
According to the explanation provided, the printer driver does not validate the size of the user input, enabling a potential attacker to escalate privileges and execute malicious code in kernel mode on systems with the vulnerable driver installed. The vulnerable function inside the driver takes data from user mode through an IOCTL (Input/Output Control) request without verifying the size parameter. To summarize, this function enables attackers to take control of the buffer that the driver is using.
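The missing size check described above, shown as an added example next to the corrected form; this is a user-mode C model written for this page, not code from the driver, HP, or SentinelLabs. All names (`drv_mem`, `ioctl_unchecked`, `ioctl_checked`), the 64-byte buffer size, and the guard bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All names and sizes here are hypothetical; none come from the real driver. */
#define DRV_BUF_SIZE 64u                 /* fixed buffer the handler fills */
#define GUARD 0xA5                       /* pattern marking the adjacent state */
#define STATUS_OK 0
#define STATUS_INVALID_PARAMETER (-1)

/* Constructed model of driver memory: the buffer plus the 16 bytes of state
 * that sit right after it, in one array so an over-long copy stays defined. */
struct drv_mem { uint8_t bytes[DRV_BUF_SIZE + 16]; };

static void drv_reset(struct drv_mem *m) {
    memset(m->bytes, 0, DRV_BUF_SIZE);
    memset(m->bytes + DRV_BUF_SIZE, GUARD, 16);
}

/* Returns 1 if the bytes after the buffer still hold the guard pattern. */
static int drv_adjacent_intact(const struct drv_mem *m) {
    for (size_t i = DRV_BUF_SIZE; i < sizeof m->bytes; i++)
        if (m->bytes[i] != GUARD) return 0;
    return 1;
}

/* Flawed pattern: the caller-supplied length is trusted as the copy size. */
static int ioctl_unchecked(struct drv_mem *m, const void *in, size_t in_len) {
    memcpy(m->bytes, in, in_len);        /* never compared to DRV_BUF_SIZE */
    return STATUS_OK;
}

/* Corrected pattern: reject the request before touching the buffer. */
static int ioctl_checked(struct drv_mem *m, const void *in, size_t in_len) {
    if (in == NULL || in_len == 0 || in_len > DRV_BUF_SIZE)
        return STATUS_INVALID_PARAMETER;
    memcpy(m->bytes, in, in_len);
    return STATUS_OK;
}

int main(void) {
    struct drv_mem m;
    uint8_t req[DRV_BUF_SIZE + 8];       /* constructed request, 8 bytes too long */
    memset(req, 'A', sizeof req);
    drv_reset(&m);
    ioctl_unchecked(&m, req, sizeof req);
    printf("unchecked: adjacent state intact = %d\n", drv_adjacent_intact(&m));
    drv_reset(&m);
    int st = ioctl_checked(&m, req, sizeof req);
    printf("checked: status = %d, adjacent state intact = %d\n", st, drv_adjacent_intact(&m));
    return 0;
}
```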
Unfortunately, this isn’t the only case where vulnerabilities in outdated software drivers have been found. Awareness of such critical privilege escalation vulnerabilities, however, needs to be raised among users before malicious actors take action and launch mass attacks on vulnerable devices.