Nota: este sitio web incluye un sistema de accesibilidad. Presione Control-F11 para ajustar el sitio web a las personas con discapacidad visual que están usando un lector de pantalla; Presione Control-F10 para abrir un menú de accesibilidad.

Denial of service attack on Lenovo System X M5, M6, and X6 systems

Denial of service attack on Lenovo System X M5, M6, and X6 systems

Denial of service attack on Lenovo System X M5, M6, and X6 systems

Lenovo Security Advisory: LEN-11306

Potential Impact:  Denial of service

Severity: Medium

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2016-8226

 

Summary Description:

A vulnerability was identified in the BIOS of Lenovo System X M5, M6, and X6 systems. An attacker with administrative access to a system can cause a denial of service attack on the system by updating a UEFI data structure. After this occurs, the system will not complete POST (Power-On Self-Test) , hang at the Lenovo splash screen, and fail to boot.

This issue was inadvertently encountered in an update to Microsoft Windows Server 2012, Windows Server 2012R2 and Windows Server 2016 (see https://support.lenovo.com/us/en/solutions/ht502912 for details). However, systems running any operating system are vulnerable.

Lenovo strongly recommends installing this update.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update your BIOS level to the latest of version available for your system.

 

Product Impact:

Product

Status

Minimum Version Required to Fix

Link to Update

Last Updated

Flex System x240 M4

Not Affected

12/15/2016

Flex System x240 M5

Affected

C4E126Q

http://support.lenovo.com/downloads/DS119582

12/15/2016

Flex System x280 X6

Affected

N3E136L

http://support.lenovo.com/downloads/DS119581

12/15/2016

Flex System x440 M4

Not Affected

12/15/2016

Flex System x480 X6

Affected

N3E136L

http://support.lenovo.com/downloads/DS119581

12/15/2016

Flex System x880 X6

Affected

N3E136L

http://support.lenovo.com/downloads/DS119581

12/15/2016

NeXtScale nx360 M5

Affected

THE126O

http://support.lenovo.com/downloads/DS119584

12/15/2016

System x3250 M6

Affected

M3E106L

http://support.lenovo.com/downloads/DS119583

12/15/2016

System x3500 M5

Affected

TBE126Q

http://support.lenovo.com/downloads/DS119579

12/15/2016

System x3550 M5

Affected

TBE126Q

http://support.lenovo.com/downloads/DS119579

12/15/2016

System x3650 M5

Affected

TBE126Q

http://support.lenovo.com/downloads/DS119579

12/15/2016

System x3750 M4

Not Affected

12/15/2016

System x3850 X6

Affected

A9E136L

http://support.lenovo.com/downloads/DS119577

12/15/2016

System x3950 X6

Affected

A9E136L

http://support.lenovo.com/downloads/DS119577

12/15/2016

Other information and references:

https://support.lenovo.com/solutions/ht502912

 

Revision History:

Revision

Date

Description

1.0

12/15/2016

Initial release

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on as “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

 


Identificación de alias:LEN-11306
ID del documento:PS500083
Fecha de publicación original:12/15/2016
Fecha de última modificación:12/15/2016