Intel® Wireless Bluetooth® Driver Unquoted Service Path - us

2017-03-14T00:00:00
ID LENOVO:PS500080-NOSID
Type lenovo
Reporter Lenovo
Modified 2017-03-14T00:00:00

Description

Lenovo Security Advisory: LEN-11158

Potential Impact: Denial of service

Severity: High

Scope of Impact: Industry-Wide

CVE Identifier: CVE-2016-8102

Summary Description:

A denial of service vulnerability exists in the Intel® Wireless Bluetooth® Driver for Microsoft Windows. These drivers are included in some Lenovo products. If an attacker obtains elevated privileges and is able to place a file in the truncated service path created by this vulnerability it is possible to execute unauthorized code as a privileged user each time the driver is loaded.

If this vulnerability puts you at an unacceptable level of risk and you want to mitigate before the Lenovo-certified driver is available for your product, you can visit the Intel security webpage (https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00059&languageid=en-fr) to download and install the reference driver. Please be aware that the reference driver has not been qualified by Lenovo. If you experience problems as a result of installing the driver from the Intel support site, please contact Intel directly. When the Lenovo-certified driver is available for download from the Lenovo Support site, Lenovo recommends that you uninstall the Intel reference driver, and upgrade to the Lenovo support site version.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update to the latest Intel Wireless Bluetooth driver available for your system.

Product Impact:

Lenovo drivers shown as "not affected" are verified by Lenovo to be not affected by this vulnerability, even if they are mentioned in the Intel documentation.