Lenovo Protection Driver Vulnerability Let Attackers Escalate Privilege and Execute Arbitrary Code
A buffer overflow vulnerability in Lenovo Protection Driver could allow local attackers with elevated privileges to execute arbitrary code on affected systems.
The vulnerability, designated as CVE-2025-4657, affects multiple Lenovo applications and poses significant security risks to desktop, ThinkCentre, laptop, and ThinkPad users.
Key Takeaways
1. Buffer overflow vulnerability allows attackers to execute arbitrary code and escalate privileges on Lenovo systems.
2. Affects Lenovo PC Manager, Browser, and App Store on desktops, laptops, and ThinkPads.
3. Update all three applications immediately to patch the vulnerable driver.
Overview of Buffer Overflow Flaw
The vulnerability exists in versions of the Lenovo Protection Driver prior to 5.1.1110.4231, where a buffer overflow condition can be exploited by attackers who have already gained local access to the system.
This type of vulnerability occurs when a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory locations and allowing malicious code execution.
The flaw represents a significant security concern as it enables privilege escalation, allowing attackers to execute arbitrary code with system-level permissions.
The vulnerability was publicly disclosed on July 8, 2025, following standard responsible disclosure practices.
Security researchers have classified this as a high-priority issue due to its potential impact on system integrity and the widespread deployment of affected Lenovo software across enterprise and consumer environments.
Risk Factors | Details |
Affected Products | Lenovo PC Manager (versions prior to 5.1.110.5082); Lenovo Browser (versions prior to 9.0.6.5061); Lenovo App Store (versions prior to 9.0.2230.0617); Lenovo Protection Driver (versions prior to 5.1.1110.4231) |
Impact | Buffer overflow vulnerability; arbitrary code execution |
Exploit Prerequisites | Local access to the target system; elevated privileges required; access to vulnerable driver file (lrtp.sys) |
CVSS 3.1 Score | 6.7 (Medium) |
The security flaw impacts three key Lenovo applications that utilize the vulnerable Protection Driver: Lenovo PC Manager, Lenovo Browser, and Lenovo App Store.
These applications are commonly pre-installed on Lenovo systems and are widely used across the company’s device ecosystem, including desktop computers, ThinkCentre workstations, laptops, and ThinkPad business notebooks.
The driver file in question, identified as lrtp.sys, is located in the C:\Windows\System32\drivers directory and serves as a core component for the affected applications.
Users can verify their current driver version by navigating to this location, right-clicking the lrtp.sys file, selecting Properties, then Details, and checking the file version information.
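The manual check above can be scripted for use across many machines. The following PowerShell is an added example, not code from Lenovo or the original article; the function name and output fields are assumptions, and the fixed version is the one stated in the overview.

```powershell
# Added example: report whether lrtp.sys is below the fixed driver version.
# Function name and output fields are assumptions made for this example.
function Test-LrtpDriverVersion {
    [CmdletBinding()]
    param(
        # Fixed Lenovo Protection Driver version, taken from the article.
        [version]$FixedVersion = '5.1.1110.4231',
        # Optional explicit path; by default the drivers directory is resolved below.
        [string]$Path
    )

    if (-not $Path) {
        # A 32-bit process on 64-bit Windows is redirected away from System32,
        # so use the Sysnative alias to reach the real drivers directory.
        $sysDir = if ([Environment]::Is64BitOperatingSystem -and
                      -not [Environment]::Is64BitProcess) { 'Sysnative' } else { 'System32' }
        $Path = Join-Path $env:windir "$sysDir\drivers\lrtp.sys"
    }

    $result = [ordered]@{
        Computer     = $env:COMPUTERNAME
        Path         = $Path
        FileVersion  = $null
        FixedVersion = $FixedVersion
        Status       = 'DriverNotPresent'
    }

    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $vi = (Get-Item -LiteralPath $Path).VersionInfo
        # Build the version from the numeric fields; the FileVersion string
        # can carry extra text that does not cast to [version].
        $found = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                $vi.FileBuildPart, $vi.FilePrivatePart)
        $result.FileVersion = $found
        $result.Status = if ($found -lt $FixedVersion) { 'Vulnerable' } else { 'Patched' }
    }

    [pscustomobject]$result
}

Test-LrtpDriverVersion | Format-List
```

A status of DriverNotPresent means lrtp.sys was not found at the expected path, which is the expected result on systems without the affected Lenovo applications.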
Lenovo has released security patches for all affected applications and strongly recommends immediate updates.
Users should update Lenovo PC Manager to version 5.1.110.5082 or higher, Lenovo Browser to version 9.0.6.5061 or higher, and Lenovo App Store to version 9.0.2230.0617 or higher.
The company notes that the Protection Driver will automatically update when these applications are launched.
System administrators should prioritize these updates to ensure the driver reaches the secure version 5.1.1110.4231 or later. Lenovo emphasizes that this advisory information is provided “as-is” and reserves the right to update recommendations as needed.