CVE-2016-8224

Summary

CVE	CVE-2016-8224
State	PUBLISHED
Assigner	lenovo
Source Priority	CVE Program / NVD first with legacy fallback
Published	2016-11-29 20:59:02 UTC
Updated	2026-05-06 22:30:45 UTC
Description	A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.

Risk And Classification

Primary CVSS: v3.0 4.4 MEDIUM from [email protected]

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.000420000 probability, percentile 0.126730000 (date 2026-05-10)

Problem Types: CWE-310 | Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems

Version	Source	Type	Score	Severity	Vector
3.0	[email protected]	Primary	4.4	MEDIUM	`CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H`
2.0	[email protected]	Primary	4.6		`AV:L/AC:L/Au:S/C:N/I:N/A:C`

CVSS v3.0 Breakdown

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS v2.0 Breakdown

Access Vector

Local

Access Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

AV:L/AC:L/Au:S/C:N/I:N/A:C

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Lenovo	Bios	-	All	All	All
Hardware	Lenovo	Notebook 110 14ibr	-	All	All	All
Operating System	Lenovo	Notebook 110 14ibr Bios	-	All	All	All
Hardware	Lenovo	Notebook 110 15ibr	-	All	All	All
Operating System	Lenovo	Notebook 110 15ibr Bios	-	All	All	All
Hardware	Lenovo	Notebook B70 80	-	All	All	All
Operating System	Lenovo	Notebook B70 80 Bios	-	All	All	All
Hardware	Lenovo	Notebook E31 80	-	All	All	All
Operating System	Lenovo	Notebook E31 80 Bios	-	All	All	All
Hardware	Lenovo	Notebook E40 80	-	All	All	All
Operating System	Lenovo	Notebook E40 80 Bios	-	All	All	All
Hardware	Lenovo	Notebook E41 80	-	All	All	All
Operating System	Lenovo	Notebook E41 80 Bios	-	All	All	All
Hardware	Lenovo	Notebook E51 80	-	All	All	All
Operating System	Lenovo	Notebook E51 80 Bios	-	All	All	All
Hardware	Lenovo	Notebook G40 80	-	All	All	All
Operating System	Lenovo	Notebook G40 80 Bios	-	All	All	All
Hardware	Lenovo	Notebook G50 80	-	All	All	All
Operating System	Lenovo	Notebook G50 80 Bios	-	All	All	All
Hardware	Lenovo	Notebook G50 80 Touch	-	All	All	All
Operating System	Lenovo	Notebook G50 80 Touch Bios	-	All	All	All
Hardware	Lenovo	Notebook Ideapad 300 14ibr	-	All	All	All
Operating System	Lenovo	Notebook Ideapad 300 14ibr Bios	-	All	All	All
Hardware	Lenovo	Notebook Ideapad 300 14isk	-	All	All	All
Operating System	Lenovo	Notebook Ideapad 300 14isk Bios	-	All	All	All
Hardware	Lenovo	Notebook Ideapad 300 15ibr	-	All	All	All
Operating System	Lenovo	Notebook Ideapad 300 15ibr Bios	-	All	All	All
Hardware	Lenovo	Notebook Ideapad 300 15isk	-	All	All	All
Operating System	Lenovo	Notebook Ideapad 300 15isk Bios	-	All	All	All
Hardware	Lenovo	Notebook Ideapad 300 17isk	-	All	All	All
Operating System	Lenovo	Notebook Ideapad 300 17isk Bios	-	All	All	All
Hardware	Lenovo	Notebook Ideapad 510s 12isk	-	All	All	All
Operating System	Lenovo	Notebook Ideapad 510s 12isk Bios	-	All	All	All
Hardware	Lenovo	Notebook K21 80	-	All	All	All
Operating System	Lenovo	Notebook K21 80 Bios	-	All	All	All
Hardware	Lenovo	Notebook K41 80	-	All	All	All
Operating System	Lenovo	Notebook K41 80 Bios	-	All	All	All
Hardware	Lenovo	Notebook Miix 710 12ikb	-	All	All	All
Operating System	Lenovo	Notebook Miix 710 12ikb Bios	-	All	All	All
Hardware	Lenovo	Notebook Xiaoxin Air 12	-	All	All	All
Operating System	Lenovo	Notebook Xiaoxin Air 12 Bios	-	All	All	All
Hardware	Lenovo	Notebook Yoga 510 14isk	-	All	All	All
Operating System	Lenovo	Notebook Yoga 510 14isk Bios	-	All	All	All
Hardware	Lenovo	Notebook Yoga 510 15isk	-	All	All	All
Operating System	Lenovo	Notebook Yoga 510 15isk Bios	-	All	All	All
Hardware	Lenovo	Notebook Yoga 710 11ikb	-	All	All	All
Operating System	Lenovo	Notebook Yoga 710 11ikb Bios	-	All	All	All
Hardware	Lenovo	Notebook Yoga 710 11isk	-	All	All	All
Operating System	Lenovo	Notebook Yoga 710 11isk Bios	-	All	All	All
Hardware	Lenovo	Notebook Yoga 900s 12isk	-	All	All	All
Operating System	Lenovo	Notebook Yoga 900s 12isk Bios	-	All	All	All
Hardware	Lenovo	Notebook Yoga 900 13isk	-	All	All	All
Operating System	Lenovo	Notebook Yoga 900 13isk Bios	-	All	All	All
Hardware	Lenovo	Thinkserver Ts150	-	All	All	All
Operating System	Lenovo	Thinkserver Ts150 Bios	-	All	All	All
Hardware	Lenovo	Thinkserver Ts450	-	All	All	All
Operating System	Lenovo	Thinkserver Ts450 Bios	-	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Lenovo Group Ltd.	Lenovo Notebook Models 110-14IBR/110-15IBR B70-80 E31-80 E40-80 E41-80 E51-80 G40-80 G50-80 G50-80 Touch Ideapad 300-14IBR/300-15IBR Ideapad 300-14ISK/300-15ISK/300-17ISK Ideapad 510S-12ISK K21-80 K41-80 MIIX 710-12IKB XiaoXin Air 12 YOGA 510-14ISK/510-15ISK YOGA 710-11IKB Yoga 710-11ISK Yoga 900-13ISK YOGA 900S-12ISK ThinkServer Models ThinkServer TS150 ThinkServer TS450	affected various	Not specified

References

Reference	Source	Link	Tags
Multiple Lenovo Products CVE-2016-8224 Local Privilege Escalation Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems - Lenovo Support	af854a3a-2127-422b-91ae-364da2661108	support.lenovo.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.