Denial of service attack on Lenovo System X M5, M6, and X6 systems - Lenovo Support US

Lenovo Security Advisory: LEN-11306

Potential Impact: Denial of service

Severity: Medium

**Scope of Impact:**Lenovo-specific

**CVE Identifier:**CVE-2016-8226

Summary Description:

A vulnerability was identified in the BIOS of Lenovo System X M5, M6, and X6 systems. An attacker with administrative access to a system can cause a denial of service attack on the system by updating a UEFI data structure. After this occurs, the system will not complete POST (Power-On Self-Test) , hang at the Lenovo splash screen, and fail to boot.

This issue was inadvertently encountered in an update to Microsoft Windows Server 2012, Windows Server 2012R2 and Windows Server 2016 (see <https://support.lenovo.com/us/en/solutions/ht502912&gt; for details). However, systems running any operating system are vulnerable.

Lenovo strongly recommends installing this update.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update your BIOS level to the latest of version available for your system.