lha.sys
LG Device Manager kernel driver (Low-level Hardware Access)
lha.sys (short for 'Low-level Hardware Access') is the kernel driver bundled with LG Device Manager, a utility shipped on certain LG laptops, notably the 6th-generation Intel 'Skylake' models, to manage device firmware and hardware features.
CVE-2019-8372, published by researcher Jackson Thuraisamy in 2019, documents that the driver's interface was reachable by ordinary non-administrative users. That made a driver intended for vendor maintenance tooling usable as a stepping stone from a normal user account up to SYSTEM-level control of the machine. The signed file remains valid long after the bundled software is uninstalled, so attackers with a foothold can drop the old driver onto an otherwise patched Windows box and ride it into the kernel.
If you ever owned an LG laptop and installed LG Device Manager, uninstall it. Microsoft's Vulnerable Driver Blocklist (enabled by default in modern Windows 11 under Core Isolation) blocks it from loading.
lha.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “lha.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/lha-sys
