MEDIUM · 4.4

CVE-2016-8222

Vulnerability Description

A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability.

CVSS Score

4.4

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

Affected Products

Vendor | Product | Versions
Lenovo | Thinkpad 10 Ella 2 Bios | -
Lenovo | Thinkpad 11E Beema Bios | -
Lenovo | Thinkpad 11E Braswell Bios | -
Lenovo | Thinkpad 11E Broadwell Bios | -
Lenovo | Thinkpad 11E Skylake Bios | -
Lenovo | Thinkpad 13E Bios | -
Lenovo | Thinkpad E450 Bios | -
Lenovo | Thinkpad E450C Bios | -
Lenovo | Thinkpad E455 Bios | -
Lenovo | Thinkpad E460 Bios | -
Lenovo | Thinkpad E465 Bios | -
Lenovo | Thinkpad E550 Bios | -
Lenovo | Thinkpad E550C Bios | -
Lenovo | Thinkpad E555 Bios | -
Lenovo | Thinkpad E560 Bios | -
Lenovo | Thinkpad E565 Bios | -
Lenovo | Thinkpad Edge E440 Bios | -
Lenovo | Thinkpad Edge E445 Bios | -
Lenovo | Thinkpad Edge E540 Bios | -
Lenovo | Thinkpad Edge E545 Bios | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2016-8222?

CVE-2016-8222 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mod...

How severe is CVE-2016-8222?

CVE-2016-8222 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2016-8222?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkpad 10 Ella 2 Bios, Lenovo Thinkpad 11E Beema Bios, Lenovo Thinkpad 11E Braswell Bios, Lenovo Thinkpad 11E Broadwell Bios, Lenovo Thinkpad 11E Skylake Bios.