← All drivers
vulnerable
Driver

lnvmsrio.sys

Lenovo Dispatcher kernel driver

From Lenovo
Part of the Lenovo family
Status
On a known-vulnerable list
Known variants
2 distinct hashes
Public CVEs
1
Field notes

LnvMSRIO.sys is a kernel driver from the Lenovo Process Management / Lenovo Dispatcher package, preinstalled on many Lenovo laptops (including consumer ThinkPads, IdeaPads, and Legion gaming laptops). Its legitimate job is platform-management tasks that require reading and writing processor MSRs (model-specific registers).

It is on the public LOLDrivers list because of CVE-2025-8061, disclosed by Quarkslab in 2025: the driver exposes IOCTLs (0x9c402084 and a paired writer) that grant arbitrary read and write to any MSR to any local authenticated user. Researchers demonstrated full kernel-mode code execution by overwriting LSTAR (the address Windows jumps to on every syscall) and redirecting it into attacker-controlled memory. Multiple working exploits are public.

Lenovo published an advisory and patched in Dispatcher 3.1.0.41 (September 2025); versions up to and including 3.1.0.36 are vulnerable. Enabling Core Isolation → Memory Integrity in Windows blocks the technique, and is on by default on current Windows 11 Lenovo systems.

If this driver is on your Lenovo machine, check Lenovo Vantage or the Lenovo support page for your model and update the Dispatcher / Process Management package.

What the record shows

lnvmsrio.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

Public CVEs
What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “lnvmsrio.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/lnvmsrio-sys