Vendor: Power Management Driver
By: Nassim Asrir
CVSS: 7.5 (HIGH)
Type: Denial of Service
CWE: 772
Product Name: Power Management Driver
Affected Version From: 1.67.17.48
Affected Version To: 1.67.17.48
Patch Exists: YES
Related CVE: CVE-2019-6192
CPE: a:lenovo:power_management_driver:1.67.17.48
Platforms Tested: Windows 10 (64-bit) | ThinkPad T470p
2019
Lenovo Power Management Driver 1.67.17.48 – ‘pmdrvs.sys’ Denial of Service (PoC)
A vulnerability has been discovered in the pmdrvs.sys driver of Lenovo Power Management Driver. It exists because the driver does not sufficiently validate the input buffer when it processes IOCTL codes. Attackers can exploit this issue to cause a Denial of Service or possibly execute arbitrary code in kernel space.
Mitigation:
Update to a patched version of the Lenovo Power Management Driver.
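For driver developers, the kind of input buffer validation described above looks like this. It is an added user-mode model, not code from pmdrvs.sys or from Lenovo; the control code, the request layout and every name in it are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical control code and request layout, for illustration only. */
#define IOCTL_DEMO_SET_LEVEL 0x222004u

typedef struct {
    uint32_t level;     /* requested setting, 0..100 */
    uint32_t data_len;  /* number of valid bytes in data[] */
    uint8_t  data[16];
} demo_request;

enum { ST_OK = 0, ST_BAD_IOCTL = -1, ST_BAD_BUFFER = -2, ST_BAD_FIELD = -3 };

/* Models a dispatch routine: 'in' and 'in_len' come from the caller,
   so neither is trusted until it has been checked. */
int demo_dispatch(uint32_t code, const void *in, size_t in_len, uint32_t *out_level)
{
    demo_request req;

    if (code != IOCTL_DEMO_SET_LEVEL)
        return ST_BAD_IOCTL;                 /* reject unknown codes */

    /* Refuse a NULL or short buffer before any field is read. */
    if (in == NULL || in_len < sizeof(req))
        return ST_BAD_BUFFER;

    /* Copy once, then validate the copy, so the caller cannot change
       the fields between the check and the use. */
    memcpy(&req, in, sizeof(req));
    if (req.data_len > sizeof(req.data) || req.level > 100)
        return ST_BAD_FIELD;

    *out_level = req.level;
    return ST_OK;
}

int main(void)
{
    demo_request ok = { .level = 42, .data_len = 4 };  /* constructed sample */
    uint32_t level = 0;
    printf("valid: %d\n", demo_dispatch(IOCTL_DEMO_SET_LEVEL, &ok, sizeof ok, &level));
    printf("short: %d\n", demo_dispatch(IOCTL_DEMO_SET_LEVEL, &ok, 4, &level));
    printf("null:  %d\n", demo_dispatch(IOCTL_DEMO_SET_LEVEL, NULL, 0, &level));
    return 0;
}
```

In a real Windows driver the same checks apply to the input buffer length and pointer delivered with the I/O request, and a failed check completes the request with an error status instead of touching the buffer.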