Lenovo Security Advisory: LEN-11158
Potential Impact: Denial of service
Scope of Impact: Industry-Wide
CVE Identifier: CVE-2016-8102
A denial of service vulnerability exists in the Intel® Wireless Bluetooth® Driver for Microsoft Windows. These drivers are included in some Lenovo products. If an attacker obtains elevated privileges and is able to place a file in the truncated service path created by this vulnerability it is possible to execute unauthorized code as a privileged user each time the driver is loaded.
If this vulnerability puts you at an unacceptable level of risk and you want to mitigate before the Lenovo-certified driver is available for your product, you can visit the Intel security webpage (https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00059&languageid=en-fr) to download and install the reference driver. Please be aware that the reference driver has not been qualified by Lenovo. If you experience problems as a result of installing the driver from the Intel support site, please contact Intel directly. When the Lenovo-certified driver is available for download from the Lenovo Support site, Lenovo recommends that you uninstall the Intel reference driver, and upgrade to the Lenovo support site version.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update to the latest Intel Wireless Bluetooth driver available for your system.
Lenovo drivers shown as "not affected" are verified by Lenovo to be not affected by this vulnerability, even if they are mentioned in the Intel documentation.