Kernel Exploitation Primitives Directly Exposed by HP OMEN Driver

We discussed this vulnerability during Episode 84 on 21 September 2021

It's hard to even call this one a vulnerability: the driver developers simply expose kernel primitives directly to userland, and nothing clever is needed to use them. The driver shipped with the HP OMEN Gaming Hub software exposes several privileged instructions through IOCTLs, including the CPU's in and out instructions, which access the x86 I/O port address space and so talk to peripheral hardware such as storage controllers, and rdmsr and wrmsr, which read and write Model Specific Registers.

The majority of the post focuses on high-level exploit strategies using these primitives: using the I/O port access to overwrite a privileged binary on the storage device with malicious code, and abusing write access to MSR_LSTAR (the register holding the 64-bit syscall entry point) to replace the syscall handler and point it at attacker-controlled code.
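To make the exposure concrete, here is an added example (not code from the post and not HP's driver) modelling the IOCTL dispatcher in C. The "hardware" is simulated with an MSR table and a port array, because the real rdmsr/wrmsr/in/out instructions fault outside ring 0; the request layout, request codes and the allowlist are hypothetical. The vulnerable dispatcher forwards whatever the caller asks for, which is the shape of the bug described above; the hardened one only grants the narrow access a monitoring product would plausibly need.

```c
/* Added example, not from the original post or from HP's driver.
 * Models an IOCTL dispatcher that forwards rdmsr/wrmsr/in/out to hardware.
 * Request codes, layout and the allowlist are hypothetical. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical request codes; not the driver's real IOCTL numbers. */
enum req_kind { REQ_RDMSR = 1, REQ_WRMSR = 2, REQ_INB = 3, REQ_OUTB = 4 };

struct req {
    enum req_kind kind;
    uint32_t index;   /* MSR index, or an I/O port number (0..0xFFFF) */
    uint64_t value;   /* value to write; filled in on a read */
};

enum status { ST_OK = 0, ST_DENIED = 1, ST_BAD_REQ = 2 };

/* Real MSR indices (Intel SDM); the stored values below are simulated. */
#define MSR_IA32_THERM_STATUS 0x19Cu
#define MSR_LSTAR             0xC0000082u   /* 64-bit SYSCALL entry point */

/* Simulated MSR bank and I/O port space standing in for the instructions. */
static struct { uint32_t index; uint64_t value; } g_msrs[] = {
    { MSR_IA32_THERM_STATUS, 0x883f0000u },
    { MSR_LSTAR,             0xfffff80012345000ull }, /* constructed address */
};
static uint8_t g_ports[0x10000];

static uint64_t *msr_slot(uint32_t index)
{
    for (size_t i = 0; i < sizeof g_msrs / sizeof g_msrs[0]; i++)
        if (g_msrs[i].index == index) return &g_msrs[i].value;
    return NULL;
}

/* Executes a request against the simulated hardware with no policy at all. */
static enum status execute(struct req *r)
{
    uint64_t *m;
    switch (r->kind) {
    case REQ_RDMSR:
        if (!(m = msr_slot(r->index))) return ST_BAD_REQ;
        r->value = *m; return ST_OK;
    case REQ_WRMSR:
        if (!(m = msr_slot(r->index))) return ST_BAD_REQ;
        *m = r->value; return ST_OK;
    case REQ_INB:
        if (r->index > 0xFFFF) return ST_BAD_REQ;
        r->value = g_ports[r->index]; return ST_OK;
    case REQ_OUTB:
        if (r->index > 0xFFFF) return ST_BAD_REQ;
        g_ports[r->index] = (uint8_t)r->value; return ST_OK;
    }
    return ST_BAD_REQ;
}

/* Vulnerable dispatcher: any MSR, any port, read or write, for any caller. */
enum status dispatch_vulnerable(struct req *r)
{
    return execute(r);
}

/* Hardened dispatcher: a hypothetical allowlist of what the product needs.
 * Read-only access to the thermal status MSR and byte access to the ACPI
 * embedded-controller ports 0x62/0x66. wrmsr is not exposed at all, so
 * MSR_LSTAR cannot be retargeted through this path, and arbitrary ports
 * (e.g. a storage controller's) are not reachable either. */
enum status dispatch_hardened(struct req *r)
{
    switch (r->kind) {
    case REQ_RDMSR:
        return r->index == MSR_IA32_THERM_STATUS ? execute(r) : ST_DENIED;
    case REQ_WRMSR:
        return ST_DENIED;
    case REQ_INB:
    case REQ_OUTB:
        return (r->index == 0x62 || r->index == 0x66) ? execute(r) : ST_DENIED;
    }
    return ST_BAD_REQ;
}

/* Current simulated LSTAR value, so a caller can see whether it was moved. */
uint64_t simulated_lstar(void)
{
    return *msr_slot(MSR_LSTAR);
}
```

An allowlist like this is only half of a real fix: the device object also needs an ACL that stops unprivileged callers from opening it at all, and the MSR and port set should be the minimum the product actually uses, since even a single writable MSR or port can be enough for an escalation.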