CVE-2021-3438

HIGH

HP LaserJet and Samsung Printer Drivers - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-3438. PoCs published by CrackerCat, TobiasS1402.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-3438, targeting a buffer overflow in HP LaserJet and Samsung printer drivers. The exploit leverages kernel memory manipulation via DeviceIoControl to achieve local privilege escalation (LPE).

Description

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.

Exploits (2)

nomisec WORKING POC

by CrackerCat · poc

https://github.com/CrackerCat/CVE-2021-3438

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-3438, targeting a buffer overflow in HP LaserJet and Samsung printer drivers. The exploit leverages kernel memory manipulation via DeviceIoControl to achieve local privilege escalation (LPE).

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: HP LaserJet and Samsung printer drivers (SSPORT.sys and BS_RCIO64.sys)

No auth needed

Prerequisites: NX (No-Execute) feature must be disabled · Access to vulnerable driver files (SSPORT.sys, BS_RCIO64.sys)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec SCANNER

by TobiasS1402 · poc

https://github.com/TobiasS1402/CVE-2021-3438

View Code ZIP pw:eip

The repository contains PowerShell scripts designed to detect and remediate printer drivers vulnerable to CVE-2021-3438. The scripts check for specific manufacturer and model patterns but do not include exploit code.

Classification

Scanner 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Windows Print Spooler with vulnerable printer drivers (Samsung, HP, Xerox, etc.)

Auth required

Prerequisites: Access to a Windows system with vulnerable printer drivers installed · Local or domain administrative privileges to enumerate printer drivers

MITRE ATT&CK

T1082 - System Information Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://support.hp.com/us-en/document/ish_3900395-3833905-16

Scores

CVSS v3 7.8

EPSS 0.0290

EPSS Percentile 85.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (50)

hp/color_laser_150_4zb94a

hp/color_laser_150_4zb95a

hp/color_laser_mfp_170_4zb96a

hp/color_laser_mfp_170_4zb97a

hp/color_laser_mfp_170_6hu08a

hp/color_laser_mfp_170_6hu09a

hp/laser_100_209u7a

hp/laser_100_4zb79a

hp/laser_100_4zb80a

hp/laser_100_4zb81a

... and 40 more

Published May 20, 2021

Tracked Since Feb 18, 2026