Denial of service attack on Lenovo System X M5, M6, and X6 systems
Denial of service attack on Lenovo System X M5, M6, and X6 systems
Denial of service attack on Lenovo System X M5, M6, and X6 systems
Lenovo Security Advisory: LEN-11306
Potential Impact: Denial of service
Severity: Medium
Scope of Impact: Lenovo-specific
CVE Identifier: CVE-2016-8226
Summary Description:
A vulnerability was identified in the BIOS of Lenovo System X M5, M6, and X6 systems. An attacker with administrative access to a system can cause a denial of service attack on the system by updating a UEFI data structure. After this occurs, the system will not complete POST (Power-On Self-Test) , hang at the Lenovo splash screen, and fail to boot.
This issue was inadvertently encountered in an update to Microsoft Windows Server 2012, Windows Server 2012R2 and Windows Server 2016 (see https://support.lenovo.com/us/en/solutions/ht502912 for details). However, systems running any operating system are vulnerable.
Lenovo strongly recommends installing this update.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update your BIOS level to the latest of version available for your system.
Product |
Status |
Minimum Version Required to Fix |
Link to Update |
Last Updated |
Flex System x240 M4 |
Not Affected |
‐ |
‐ |
12/15/2016 |
Flex System x240 M5 |
Affected |
C4E126Q |
12/15/2016 |
|
Flex System x280 X6 |
Affected |
N3E136L |
12/15/2016 |
|
Flex System x440 M4 |
Not Affected |
‐ |
‐ |
12/15/2016 |
Flex System x480 X6 |
Affected |
N3E136L |
12/15/2016 |
|
Flex System x880 X6 |
Affected |
N3E136L |
12/15/2016 |
|
NeXtScale nx360 M5 |
Affected |
THE126O |
12/15/2016 |
|
System x3250 M6 |
Affected |
M3E106L |
12/15/2016 |
|
System x3500 M5 |
Affected |
TBE126Q |
12/15/2016 |
|
System x3550 M5 |
Affected |
TBE126Q |
12/15/2016 |
|
System x3650 M5 |
Affected |
TBE126Q |
12/15/2016 |
|
System x3750 M4 |
Not Affected |
‐ |
‐ |
12/15/2016 |
System x3850 X6 |
Affected |
A9E136L |
12/15/2016 |
|
System x3950 X6 |
Affected |
A9E136L |
12/15/2016 |
Other information and references:
https://support.lenovo.com/solutions/ht502912
Revision History:
Revision |
Date |
Description |
1.0 |
12/15/2016 |
Initial release |
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on as “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
Sus comentarios ayudan a mejorar la experiencia general