lnvmsrio.sys
Lenovo Dispatcher kernel driver
LnvMSRIO.sys is a kernel driver from the Lenovo Process Management / Lenovo Dispatcher package, preinstalled on many Lenovo laptops (including consumer ThinkPads, IdeaPads, and Legion gaming laptops). Its legitimate job is platform-management tasks that require reading and writing processor MSRs (model-specific registers).
It is on the public LOLDrivers list because of CVE-2025-8061, disclosed by Quarkslab in 2025: the driver exposes IOCTLs (0x9c402084 and a paired writer) that grant arbitrary read and write to any MSR to any local authenticated user. Researchers demonstrated full kernel-mode code execution by overwriting LSTAR (the address Windows jumps to on every syscall) and redirecting it into attacker-controlled memory. Multiple working exploits are public.
Lenovo published an advisory and patched in Dispatcher 3.1.0.41 (September 2025); versions up to and including 3.1.0.36 are vulnerable. Enabling Core Isolation → Memory Integrity in Windows blocks the technique, and is on by default on current Windows 11 Lenovo systems.
If this driver is on your Lenovo machine, check Lenovo Vantage or the Lenovo support page for your model and update the Dispatcher / Process Management package.
lnvmsrio.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “lnvmsrio.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/lnvmsrio-sys
