CVE Alert: CVE-2025-8061 – Lenovo – Dispatcher 3.0 Driver

CVE-2025-8061

HIGH · No exploitation known

A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default.

CVSS v3.1 score: 7
CVSS metrics: AV LOCAL · AC HIGH · PR LOW · UI NONE · S UNCHANGED
Vendor: Lenovo
Product: Dispatcher 3.0 Driver, Dispatcher 3.1 Driver
Versions: earlier than 3.1.0.41 (both products)
CWE: CWE-782: Exposed IOCTL with Insufficient Access Control
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: 2025-09-11T18:34:52.421Z
Updated: 2025-09-11T18:54:41.582Z

AI Summary Analysis

Risk verdict

High risk of local privilege escalation on affected Lenovo Dispatcher drivers; requires an authenticated local user but could yield elevated code execution.

Why this matters

Exploitation enables an attacker to access or modify sensitive data, tamper with system integrity, or disrupt availability from within the host. Given consumer Lenovo notebooks commonly ship with these drivers, widespread impact is plausible across mixed user populations and IT environments.

Most likely attack path

An authenticated local user interacts with the vulnerable IOCTL exposed by the Dispatcher 3.0/3.1 driver. Due to insufficient access control, this could escalate to kernel-level privileges with no user interaction, enabling persistence or broad system compromise. The local vector and high-impact outcomes prioritise it for containment on devices where the driver is present.

Who is most exposed

Lenovo consumer laptops with the Dispatcher 3.0/3.1 drivers installed, particularly Windows 11 systems where Core Isolation Memory Integrity is not enabled or is bypassed; devices preloaded with Windows 11 may already be protected if Memory Integrity is active.

Detection ideas

  • Monitor for suspicious IOCTL activity toward the Dispatcher device from non-admin processes
  • Detect kernel-mode privilege escalations or anomalous token privileges
  • Look for abnormal driver loading events or memory-corruption–related dumps
  • Sysmon/EDR alerts on unusual process actions surrounding the Dispatcher service

Mitigation and prioritisation

  • Apply Lenovo advisory LEN-200860 and upgrade the Dispatcher 3.0/3.1 driver to version 3.1.0.41 or newer
  • Enable Core Isolation Memory Integrity where supported
  • If patching is delayed, disable or restrict the Dispatcher driver or limit local admin rights; enforce application control on IOCTL interfaces
  • Verify model/firmware coverage, test in pilot groups before broad rollout, track remediation progress.
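
A host-side check for the two conditions the mitigation list turns on, as an added example (not code from Lenovo's advisory or from this site): it reports whether Memory Integrity is running and whether any matching driver is below 3.1.0.41. The `*Dispatcher*` name pattern and the use of the driver's file version as the advisory version are assumptions, because the page does not name the driver file or service.

```powershell
# Added example, not vendor code.
# ASSUMPTIONS: the driver is found by a name pattern (the page does not name the
# driver file or service), and its file version tracks the advisory's version.
param(
    [string]  $NamePattern  = '*Dispatcher*',   # hypothetical; adjust to inventory
    [version] $FixedVersion = '3.1.0.41'        # fixed version stated on the page
)

# Memory Integrity (HVCI) is running when SecurityServicesRunning contains 2.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$hvciRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))

$drivers = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -like $NamePattern -or $_.DisplayName -like $NamePattern })

if ($drivers.Count -eq 0) {
    Write-Output "No driver matching '$NamePattern' is registered on this host."
    return
}

foreach ($d in $drivers) {
    # PathName can be quoted, NT-style (\??\C:\...), or relative to %SystemRoot%.
    $path = ([string]$d.PathName).Trim('"') -replace '^\\\?\?\\', ''
    if ($path -match '^\\?SystemRoot\\(.+)$') { $path = Join-Path $env:SystemRoot $Matches[1] }
    elseif (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }

    $version = $null
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $vi = (Get-Item -LiteralPath $path).VersionInfo
        $version = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                  $vi.FileBuildPart, $vi.FilePrivatePart)
    }

    # Page conditions: affected below 3.1.0.41 unless Memory Integrity is enabled.
    if (-not $version)                  { $status = 'Version unknown: inspect manually' }
    elseif ($version -ge $FixedVersion) { $status = 'At or above fixed version' }
    elseif ($hvciRunning)               { $status = 'Below fixed version; Memory Integrity running' }
    else                                { $status = 'Below fixed version; Memory Integrity NOT running: prioritise' }

    [pscustomobject]@{
        Driver = $d.Name; State = $d.State; Path = $path
        FileVersion = $version; MemoryIntegrity = $hvciRunning; Status = $status
    }
}
```

The objects it emits can be piped to `Export-Csv` per host to track remediation progress across a pilot group.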
