CVE-2016-8222

MEDIUM

Lenovo ThinkPad BIOS - Authenticated Denial of Service and BIOS Setting Modification via SMM Services

Title source: llm

Description

A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability.

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94409
Patch, Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/solutions/LEN_8327

Scores

CVSS v3 4.4
EPSS 0.0004
EPSS Percentile 11.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-284
Status published
Products (50)
lenovo/thinkpad_10_ella_2_bios
lenovo/thinkpad_11e_beema_bios
lenovo/thinkpad_11e_braswell_bios
lenovo/thinkpad_11e_broadwell_bios
lenovo/thinkpad_11e_skylake_bios
lenovo/thinkpad_13e_bios
lenovo/thinkpad_e450_bios
lenovo/thinkpad_e450c_bios
lenovo/thinkpad_e455_bios
lenovo/thinkpad_e460_bios
... and 40 more
Published Nov 30, 2016
Tracked Since Feb 18, 2026