Are there protections built-in against 51% attack?
yes, the cost and ineffectiveness of such an attack is the preventing force.
the attacker first has to come up with about $3 billion, then has to manufacture about 1 to 1.2 million ASICs and find enough electricity to feed these machines to run and also cool them and also find the money to cover the cost of electricity and cooling. now they have about 51% of the total hashrate they start to realize that performing it attack is hard.
assuming they did all that and succeed, such a malicious attack puts bitcoin on a path of a hardfork which will in a short time change the mining algorithm and turns their billion dollar investment into dust.
As per my understanding, with a successful 51% attack, an attacker can confirm invalid transactions and do double spending of BTC.
they can only double spend a transaction they initiated themselves (meaning a transaction they made and have the private key to the outputs that were spent in it) not any other transaction and they can not confirm anything that is invalid.
doing any of this (apart from double spending) can be performed using a single CPU (not even an ASIC) because it is a hard fork that changes the consensus rules (eg. confirming invalid tx, reversing other people's txs,...) to create a new altcoin (just like the hundreds of altcoins that were created back in 2017 and 18) and their blocks are easily rejected by the entire bitcoin network.