CVE-2016-8222

Name: CVE-2016-8222
Creator: NVD / NIST
Published: 2016-11-30T15:59:00.173+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.30%

Last modified Jun 17, 2026

CVE-2016-8222 is a vulnerability of currently unknown severity. A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). EPSS estimates a 0.30% chance of exploitation in the next 30 days.

Description

A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability.

Metrics

EPSS Probability

0.30%

21.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-284

Affected Software

Vendor	Product	Versions
Lenovo	Thinkpad 10 Ella 2 Bios	All versions
Lenovo	Thinkpad 11e Beema Bios	All versions
Lenovo	Thinkpad 11e Braswell Bios	All versions
Lenovo	Thinkpad 11e Broadwell Bios	All versions
Lenovo	Thinkpad 11e Skylake Bios	All versions
Lenovo	Thinkpad 13e Bios	All versions
Lenovo	Thinkpad E450 Bios	All versions
Lenovo	Thinkpad E450c Bios	All versions
Lenovo	Thinkpad E455 Bios	All versions
Lenovo	Thinkpad E460 Bios	All versions
Lenovo	Thinkpad E465 Bios	All versions
Lenovo	Thinkpad E550 Bios	All versions
Lenovo	Thinkpad E550c Bios	All versions
Lenovo	Thinkpad E555 Bios	All versions
Lenovo	Thinkpad E560 Bios	All versions
Lenovo	Thinkpad E565 Bios	All versions
Lenovo	Thinkpad Edge E440 Bios	All versions
Lenovo	Thinkpad Edge E445 Bios	All versions
Lenovo	Thinkpad Edge E540 Bios	All versions
Lenovo	Thinkpad Edge E545 Bios	All versions
Lenovo	Thinkpad Helix 20cg Bios	All versions
Lenovo	Thinkpad Helix 20ch Bios	All versions
Lenovo	Thinkpad L440 Bios	All versions
Lenovo	Thinkpad L450 Bios	All versions
Lenovo	Thinkpad L460 Bios	All versions
Lenovo	Thinkpad L540 Bios	All versions
Lenovo	Thinkpad L560 Bios	All versions
Lenovo	Thinkpad P50 Bios	All versions
Lenovo	Thinkpad P50s Bios	All versions
Lenovo	Thinkpad P70 Bios	All versions
Lenovo	Thinkpad S1 Yoga 12 Bios	All versions
Lenovo	Thinkpad S1 Yoga Non Vpro Bios	All versions
Lenovo	Thinkpad S1 Yoga Vpro Bios	All versions
Lenovo	Thinkpad S3 S440 Bios	All versions
Lenovo	Thinkpad S3 Yoga 14 Bios	All versions
Lenovo	Thinkpad S5 E560p Bios	All versions
Lenovo	Thinkpad S5 Yoga 15 Bios	All versions
Lenovo	Thinkpad S540 Bios	All versions
Lenovo	Thinkpad T440 Bios	All versions
Lenovo	Thinkpad T440p Bios	All versions
Lenovo	Thinkpad T440s Bios	All versions
Lenovo	Thinkpad T440u Bios	All versions
Lenovo	Thinkpad T450 Bios	All versions
Lenovo	Thinkpad T450s Bios	All versions
Lenovo	Thinkpad T460 Bios	All versions
Lenovo	Thinkpad T460p Bios	All versions
Lenovo	Thinkpad T460s Bios	All versions
Lenovo	Thinkpad T540 Bios	All versions
Lenovo	Thinkpad T540p Bios	All versions
Lenovo	Thinkpad T550 Bios	All versions

Showing 50 of 74 affected configurations. See NVD for the full list.

References

http://www.securityfocus.com/bid/94409
https://support.lenovo.com/us/en/solutions/LEN_8327Patch, Vendor Advisory
http://www.securityfocus.com/bid/94409
https://support.lenovo.com/us/en/solutions/LEN_8327Patch, Vendor Advisory

Timeline

Published: Nov 30, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-8222?

How severe is CVE-2016-8222?

Severity scoring for CVE-2016-8222 is pending analysis. The EPSS model estimates a 0.30% probability of exploitation in the next 30 days.

How do I fix CVE-2016-8222?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-8222?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST