← All drivers
vulnerable
Driver

ssport.sys

Samsung-origin printer port driver (HP / Samsung / Xerox printer installers)

From Samsung Electronics (shipped by HP, Samsung, and Xerox printer software)
Status
On a known-vulnerable list
Known variants
1 distinct hashes
Public CVEs
1
Field notes

ssport.sys is a small port driver originally written by Samsung Electronics in 2005 and bundled with hundreds of HP, Samsung, and Xerox printer installers ever since. HP acquired Samsung's printer business in 2017, which is why the same driver continued to ship across all three brands. It is not a SteelSeries driver despite the 'ss' prefix; the SteelSeries Engine drivers are unrelated.

The driver loads at every Windows boot on any machine where the printer installer ever ran (including installs that the user cancelled mid-flow). In July 2021, SentinelLabs disclosed CVE-2021-3438, a buffer-overflow vulnerability in the driver that allowed local privilege escalation. SentinelLabs estimated hundreds of millions of machines were affected because the driver had been in distribution for sixteen years before disclosure. HP shipped a fix in May 2021 alongside coordinated disclosure.

The defensive lesson is straightforward: signed drivers from mainstream peripherals (printers, scanners, webcams) are a real living-off-the-land surface, and old installers leave residue long after the device is gone. If you find ssport.sys on a machine you do not use for printing, the leftover printer software can be removed; HP, Samsung, and Xerox have published their updates through Windows Update and their own utilities.

What the record shows

ssport.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.

Public CVEs
What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “ssport.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/ssport-sys