Search criteria
2 vulnerabilities found for ThinkPad systems by Lenovo Group Ltd.
CVE-2016-8222 (GCVE-0-2016-8222)
Vulnerability from cvelistv5 – Published: 2016-11-30 15:00 – Updated: 2024-08-06 02:13
VLAI?
Summary
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability.
Severity ?
No CVSS data available.
CWE
- Microsoft Device Guard protection bypass
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo Group Ltd. | ThinkPad systems |
Affected:
various
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94409",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94409"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN_8327"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinkPad systems",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2016-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Microsoft Device Guard protection bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T10:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"name": "94409",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94409"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN_8327"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkPad systems",
"version": {
"version_data": [
{
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Microsoft Device Guard protection bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94409"
},
{
"name": "https://support.lenovo.com/us/en/solutions/LEN_8327",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN_8327"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2016-8222",
"datePublished": "2016-11-30T15:00:00",
"dateReserved": "2016-09-16T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8222 (GCVE-0-2016-8222)
Vulnerability from nvd – Published: 2016-11-30 15:00 – Updated: 2024-08-06 02:13
VLAI?
Summary
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability.
Severity ?
No CVSS data available.
CWE
- Microsoft Device Guard protection bypass
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo Group Ltd. | ThinkPad systems |
Affected:
various
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94409",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94409"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN_8327"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinkPad systems",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2016-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Microsoft Device Guard protection bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T10:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"name": "94409",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94409"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN_8327"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkPad systems",
"version": {
"version_data": [
{
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Microsoft Device Guard protection bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94409"
},
{
"name": "https://support.lenovo.com/us/en/solutions/LEN_8327",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN_8327"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2016-8222",
"datePublished": "2016-11-30T15:00:00",
"dateReserved": "2016-09-16T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}