Vulnerability CVE-2016-8222


Published: 2016-11-30

Description:
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability.

Vendor: Lenovo
Product: Thinkpad 13e bios 
Product: Thinkpad s5 yoga 15 bios 
Product: Thinkpad yoga 11e braswell bios 
Product: Thinkpad 10 ella 2 bios 
Product: Thinkpad s1 yoga vpro bios 
Product: Thinkpad x250 broadwell bios 
Product: Thinkpad p50 bios 
Product: Thinkpad x1 carbon bios 
Product: Thinkpad l440 bios 
Product: Thinkpad w541 bios 
Product: Thinkpad edge e445 bios 
Product: Thinkpad t550 bios 
Product: Thinkpad e550c bios 
Product: Thinkpad t460 bios 
Product: Thinkpad yoga 11e skylake bios 
Product: Thinkpad e450c bios 
Product: Thinkpad t440p bios 
Product: Thinkpad 11e braswell bios 
Product: Thinkpad s3 yoga 14 bios 
Product: Thinkpad x260 bios 
Product: Thinkpad p70 bios 
Product: Thinkpad x1 yoga bios 
Product: Thinkpad l460 bios 
Product: Thinkpad x140e amd bios 
Product: Thinkpad edge e545 bios 
Product: Thinkpad tablet 10 bios 
Product: Thinkpad e560 bios 
Product: Thinkpad t460s bios 
Product: Thinkpad yoga 260 s1 bios 
Product: Thinkpad e460 bios 
Product: Thinkpad t440u bios 
Product: Thinkpad 11e skylake bios 
Product: Thinkpad s5 e560p bios 
Product: Thinkpad yoga 11e bios 
Product: Thinkpad s1 yoga non vpro bios 
Product: Thinkpad x240s bios 
Product: Thinkpad l560 bios 
Product: Thinkpad x1 carbon 20bx bios 
Product: Thinkpad helix 20ch bios 
Product: Thinkpad w540 bios 
Product: Thinkpad edge e440 bios 
Product: Thinkpad t540p bios 
Product: Thinkpad e550 bios 
Product: Thinkpad t450s bios 
Product: Thinkpad e450 bios 
Product: Thinkpad t440 bios 
Product: Thinkpad yoga 11e broadwell bios 
Product: Thinkpad 11e beema bios 
Product: Thinkpad s3 s440 bios 
Product: Thinkpad x250 sharkbay bios 
Product: Thinkpad p50s bios 
Product: Thinkpad x1 tablet bios 
Product: Thinkpad l450 bios 
Product: Thinkpad w550s bios 
Product: Thinkpad edge e540 bios 
Product: Thinkpad t560 bios 
Product: Thinkpad e555 bios 
Product: Thinkpad t460p bios 
Product: Thinkpad yoga 14 460 s3 bios 
Product: Thinkpad e455 bios 
Product: Thinkpad t440s bios 
Product: Thinkpad 11e broadwell bios 
Product: Thinkpad s540 bios 
Product: Thinkpad yoga 11e beema bios 
Product: Thinkpad s1 yoga 12 bios 
Product: Thinkpad x240 bios 
Product: Thinkpad l540 bios 
Product: Thinkpad x1 carbon 20ax bios 
Product: Thinkpad helix 20cg bios 
Product: Thinkpad tablet 8 bios 
Product: Thinkpad e565 bios 
Product: Thinkpad t540 bios 
Product: Thinkpad e465 bios 
Product: Thinkpad t450 bios 

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.7/10
6.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://www.securityfocus.com/bid/94409
https://support.lenovo.com/us/en/solutions/LEN_8327

Related CVE
CVE-2019-6156
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resum...
CVE-2018-16098
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
CVE-2018-9085
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services...
CVE-2018-9082
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access ...
CVE-2018-9081
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add ...
CVE-2018-9080
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attac...
CVE-2018-9079
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript ha...
CVE-2018-9078
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompt...

Copyright 2019, cxsecurity.com

 

Back to Top