ThreatPost has more details over here:
According to researchers, the vulnerability exists in a function inside the driver that accepts data sent from User Mode via Input/Output Control (IOCTL); it does so without validating the size parameter. As the name suggests, IOCTL is a system call for device-specific input/output operations.So far, no attack in the wild has been observed but it looks like an interesting bug to chain together with other vulnerabilities to gain remote access to a system. HP is releasing a patched driver but the certificate of the buggy driver has not yet been revoked, which means it can still be used for bring-your-own-vulnerable-driver (BYOVD) attacks.
“This function copies a string from the user input using ‘strncpy’ with a size parameter that is controlled by the user,” according to SentinelOne’s analysis, released on Tuesday. “Essentially, this allows attackers to overrun the buffer used by the driver.”
Thus, unprivileged users can elevate themselves into a SYSTEM account, allowing them to run code in kernel mode, since the vulnerable driver is locally available to anyone, according to the firm.