medium
4.7
CWE
284
Advisory Published
Updated

CVE-2016-8222

First published: Wed Nov 30 2016(Updated: )

A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo ThinkPad 10 Ella 2 BIOS
Lenovo ThinkPad Yoga 11e Beema BIOS
Lenovo ThinkPad Yoga 11e Braswell
Lenovo ThinkPad 11e Broadwell BIOS
Lenovo ThinkPad Yoga 11e Skylake BIOS
Lenovo ThinkPad 13e BIOS
Lenovo ThinkPad E450 BIOS
Lenovo ThinkPad E450 BIOS
Lenovo ThinkPad E455 BIOS
Lenovo ThinkPad E460 BIOS
Lenovo ThinkPad E465 BIOS
Lenovo ThinkPad E550 BIOS
Lenovo ThinkPad E550c BIOS
Lenovo ThinkPad E555 BIOS
Lenovo ThinkPad BIOS
Lenovo ThinkPad E565 BIOS
lenovo ThinkPad edge e440
Lenovo ThinkPad Edge E445
Lenovo ThinkPad Edge E540 BIOS
Lenovo ThinkPad Edge E545 BIOS
Lenovo ThinkPad Helix 20CG BIOS
Lenovo ThinkPad Helix 20CH BIOS
Lenovo ThinkPad L440
Lenovo ThinkPad L450 BIOS
Lenovo ThinkPad L460
Lenovo ThinkPad L540
Lenovo ThinkPad L560 BIOS
Lenovo ThinkPad P50s BIOS
Lenovo ThinkPad P50s BIOS
Lenovo ThinkPad P70 BIOS
Lenovo ThinkPad S1 Yoga 12 BIOS
Lenovo ThinkPad S1 Yoga Non-VPro BIOS
Lenovo ThinkPad S1 Yoga VPro
Lenovo ThinkPad S3 S440 BIOS
Lenovo ThinkPad Yoga 14 (460) S3 BIOS
Lenovo ThinkPad S5 E560P
Lenovo ThinkPad S5 Yoga 15 BIOS
Lenovo ThinkPad S540 BIOS
Lenovo ThinkPad T440p BIOS
Lenovo ThinkPad T440p
Lenovo ThinkPad T440s BIOS
Lenovo ThinkPad T440u BIOS
Lenovo ThinkPad T450 BIOS
Lenovo ThinkPad T450s BIOS
Lenovo ThinkPad T460 BIOS
Lenovo ThinkPad T460p BIOS
Lenovo ThinkPad T460s BIOS
Lenovo ThinkPad T540p BIOS
Lenovo ThinkPad T540p BIOS
Lenovo ThinkPad T550 BIOS
Lenovo ThinkPad T560 BIOS
Lenovo ThinkPad Tablet 10 BIOS
Lenovo ThinkPad Tablet 8 BIOS
Lenovo ThinkPad W540
Lenovo ThinkPad W541 Firmware
Lenovo ThinkPad W550s BIOS
Lenovo ThinkPad X1 Carbon BIOS
Lenovo ThinkPad X1 Carbon BIOS
Lenovo ThinkPad X1 Carbon BIOS
Lenovo ThinkPad X1 Tablet BIOS
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad x140e
Lenovo ThinkPad x240s BIOS
Lenovo ThinkPad x240s BIOS
Lenovo ThinkPad X250 Shark Bay BIOS
Lenovo ThinkPad x250 Shark Bay BIOS
Lenovo ThinkPad x260 BIOS
Lenovo ThinkPad 11e Beema BIOS
Lenovo ThinkPad 11e Beema BIOS
Lenovo ThinkPad Yoga 11e Braswell BIOS
Lenovo ThinkPad Yoga 11e Broadwell BIOS
Lenovo ThinkPad Yoga 11e Skylake BIOS
Lenovo ThinkPad Yoga 14 (460) S3 BIOS
Lenovo ThinkPad Yoga 260 S1 BIOS
Lenovo ThinkPad 10 Ella 2 BIOS
Lenovo ThinkPad 11e
Lenovo ThinkPad 11e
Lenovo ThinkPad 11e Broadwell BIOS
Lenovo ThinkPad 11e
lenovo ThinkPad 13e BIOS
Lenovo ThinkPad E450 BIOS
Lenovo ThinkPad E450c
Lenovo ThinkPad E455 Firmware
Lenovo ThinkPad E460
Lenovo ThinkPad E465 BIOS
Lenovo ThinkPad E550 BIOS
Lenovo ThinkPad E550c BIOS
Lenovo ThinkPad E555
Lenovo ThinkPad E560
Lenovo ThinkPad E565 BIOS
Lenovo ThinkPad Edge E440
Lenovo ThinkPad Edge E445
Lenovo ThinkPad Edge E540 BIOS
Lenovo ThinkPad Edge E545 BIOS
Lenovo ThinkPad Helix 20CG BIOS
Lenovo ThinkPad Helix 20CH BIOS
Lenovo ThinkPad L440
Lenovo ThinkPad L450
Lenovo ThinkPad L460 Firmware
Lenovo ThinkPad L540 BIOS
Lenovo ThinkPad L560 Firmware
Lenovo ThinkPad P50 Firmware
Lenovo ThinkPad P50s BIOS
Lenovo ThinkPad P70 BIOS
Lenovo ThinkPad S1 Yoga 12 BIOS
Lenovo ThinkPad S1 Yoga
Lenovo ThinkPad S1 Yoga VPro Firmware
Lenovo ThinkPad S3 S440 BIOS
Lenovo ThinkPad Yoga 14 (460) S3 BIOS
Lenovo ThinkPad S5
Lenovo ThinkPad S5 Yoga 15 Firmware
Lenovo ThinkPad S540 BIOS
Lenovo ThinkPad T440
Lenovo ThinkPad T440p Firmware
Lenovo ThinkPad T440s Firmware
Lenovo ThinkPad T440u
Lenovo ThinkPad T450 Firmware
Lenovo ThinkPad T450s Firmware
Lenovo ThinkPad T460 firmware
Lenovo ThinkPad T460p BIOS
Lenovo ThinkPad T460s Firmware
Lenovo ThinkPad T540p Firmware
Lenovo ThinkPad T540p Firmware
Lenovo ThinkPad T550
Lenovo ThinkPad T560 Firmware
Lenovo ThinkPad Tablet 10 Firmware
Lenovo ThinkPad Tablet 8 Firmware
Lenovo ThinkPad W540 Firmware
Lenovo ThinkPad W541 Firmware
Lenovo ThinkPad W550s
Lenovo ThinkPad X1 Carbon
Lenovo ThinkPad X1 Carbon (20AX)
Lenovo ThinkPad X1 Carbon (20BX) Firmware
Lenovo ThinkPad X1 Tablet Firmware
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad x140e
Lenovo ThinkPad x240 firmware
Lenovo ThinkPad x240s BIOS
Lenovo ThinkPad x250 Broadwell BIOS
Lenovo ThinkPad x250 Shark Bay BIOS
Lenovo ThinkPad x260
Lenovo ThinkPad 11e YOGA
Lenovo ThinkPad 11e Beema BIOS
Lenovo ThinkPad Yoga 11e Braswell BIOS
Lenovo ThinkPad Yoga 11e Broadwell BIOS
Lenovo ThinkPad Yoga 11e Skylake
Lenovo ThinkPad Yoga 14 (460) S3 BIOS
Lenovo ThinkPad Yoga 260 S1 BIOS

Remedy

https://support.lenovo.com/us/en/solutions/LEN_8327

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2016-8222?

    CVE-2016-8222 has been classified as a medium severity vulnerability that could lead to denial of service or unauthorized access to BIOS variables.

  • How do I fix CVE-2016-8222?

    Fixing CVE-2016-8222 involves applying the latest BIOS updates from Lenovo which address this vulnerability.

  • Which systems are affected by CVE-2016-8222?

    CVE-2016-8222 affects various Lenovo ThinkPad models including the ThinkPad 10, Yoga 11e series, and several others listed in the vulnerability details.

  • Can an attacker exploit CVE-2016-8222 remotely?

    No, an attacker must have Windows administrator-level privileges on the affected system to exploit CVE-2016-8222.

  • What impact does CVE-2016-8222 have on system security?

    CVE-2016-8222 could allow an attacker to gain access to sensitive BIOS settings or cause a denial of service attack, impacting system integrity.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203