An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.
Credits
Lenovo thanks Manuel Kiesel (cyllective AG) for reporting these issues.
