I don't see anything saying this was being actively exploited; the non malicious use case would set off their scanners on all MateBooks running this driver.
> While monitoring alerts related to kernel-mode attacks, one alert drew our attention:
>The alert process tree showed an abnormal memory allocation and execution in the context of services.exe by a kernel code. Investigating further, we found that an identical alert was fired on another machine around the same time.
This shows code injection taking place, via the exploited code. You are right that they don't mention what code was injected (probably they don't know)
I admit that I am reading into the line "abnormal memory allocation and execution" and thinking it's intentional.
You are right that they don't seem to know what code was being executed. Just that some code (be it real code or random garbage) was injected and executed.
> While monitoring alerts related to kernel-mode attacks, one alert drew our attention:
>The alert process tree showed an abnormal memory allocation and execution in the context of services.exe by a kernel code. Investigating further, we found that an identical alert was fired on another machine around the same time.
This shows code injection taking place, via the exploited code. You are right that they don't mention what code was injected (probably they don't know)