Threat Advisory

High Severity Privilege Escalation Vulnerability in Lenovo Dispatcher Driver

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

A high-severity local privilege-escalation vulnerability has been identified in Lenovo’s Dispatcher driver stack, tracked as CVE-2025-8061. The flaw allows a local, authenticated user to send crafted IOCTL requests to the vulnerable LnvMSRIO.sys / Dispatcher driver, abuse kernel read/write primitives to leak kernel addresses and bypass mitigations, and ultimately achieve kernel-level code execution (SYSTEM). Public proof-of-concept code and technical writeups demonstrate practical exploitation in many environments.

  • CVE-2025-8061: The issue stems from insufficient access controls and improper validation in the Dispatcher driver’s IOCTL interface. A non-privileged attacker can invoke privileged IOCTLs to perform MSR and physical memory read/write operations and leak sensitive kernel state (for example LSTAR), which enables bypassing ASLR/SMEP and other protections. Exploits chain these primitives to perform token stealing or patch kernel structures, spawn a SYSTEM shell, and persist, including techniques that facilitate reflective driver loading to evade driver signature enforcement. The CVSS v3.1 score is 7.0.

This vulnerability poses a serious risk for systems with the affected Lenovo Dispatcher driver installed: successful exploitation can lead to full local system compromise (SYSTEM), persistent backdoors or unsigned code execution, and increased enterprise exposure if an attacker gains a non-privileged foothold.

RECOMMENDATION:

We strongly recommend you update Lenovo Dispatcher to version 3.1.0.41 or later.
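
To confirm which endpoints still need the update, the following PowerShell inventory check can be run locally or through a management tool. It is an added example, not part of the original advisory or Lenovo's tooling. It assumes the file version of LnvMSRIO.sys tracks the Lenovo Dispatcher version and searches only the standard Windows driver directories.

```powershell
# Added example: inventory check for the driver named in this advisory.
# Assumption: the file version of LnvMSRIO.sys tracks the Lenovo Dispatcher
# version, so any copy below 3.1.0.41 is reported as needing the update.
$FixedVersion = [version]'3.1.0.41'   # fixed version from the RECOMMENDATION section
$DriverName   = 'LnvMSRIO.sys'        # driver file named in the advisory

# Standard Windows driver locations: installed copies and staged packages.
$SearchRoots = @(
    (Join-Path $env:SystemRoot 'System32\drivers'),
    (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository')
)

$found = foreach ($root in $SearchRoots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Filter $DriverName -Recurse -File -ErrorAction SilentlyContinue
    }
}

# Kernel driver services whose image path points at the file, with their state.
$services = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$DriverName" })
$serviceState = ($services | ForEach-Object { "$($_.Name)=$($_.State)" }) -join ';'

if (-not $found) {
    Write-Output "$DriverName not found on $env:COMPUTERNAME"
} else {
    foreach ($file in $found) {
        $raw = $file.VersionInfo.FileVersionRaw
        if ($null -eq $raw) {
            $status = 'UNKNOWN'            # no version resource, review manually
        } elseif ($raw -lt $FixedVersion) {
            $status = 'UPDATE REQUIRED'
        } else {
            $status = 'OK'
        }
        [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            Path         = $file.FullName
            FileVersion  = $raw
            Sha256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            Signer       = (Get-AuthenticodeSignature -LiteralPath $file.FullName).SignerCertificate.Subject
            ServiceState = $serviceState
            Status       = $status
        }
    }
}
```

A staged copy in the driver store can remain after the update, so a host is remediated only when every reported path shows `OK`.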

REFERENCES:

The following reports contain further technical details:

https://cybersecuritynews.com/lenovo-code-execution-vulnerability-poc/
