Lenovo Protection Driver Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A buffer overflow vulnerability has been identified in the Lenovo Protection Driver, in versions prior to 5.1.1110.4231. This vulnerability affects Lenovo PC Manager, Lenovo Browser, and the Lenovo App Store. It could allow a local attacker with elevated privileges to execute arbitrary code.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code with elevated privileges.

Remediation

Users are advised to update Lenovo PC Manager to version 5.1.110.5082 or later, Lenovo Browser to version 9.0.6.5061 or later, and the Lenovo App Store to version 9.0.2230.0617 or later. The Lenovo Protection Driver will automatically update when these applications are launched. To verify that the driver has been updated to version 5.1.110.4231, check the file version of lrtp.sys in the C:\Windows\System32\drivers\ directory.