Lenovo Security Advisory: LEN-11306
Potential Impact: Denial of service
Severity: Medium
**Scope of Impact:**Lenovo-specific
**CVE Identifier:**CVE-2016-8226
Summary Description:
A vulnerability was identified in the BIOS of Lenovo System X M5, M6, and X6 systems. An attacker with administrative access to a system can cause a denial of service attack on the system by updating a UEFI data structure. After this occurs, the system will not complete POST (Power-On Self-Test) , hang at the Lenovo splash screen, and fail to boot.
This issue was inadvertently encountered in an update to Microsoft Windows Server 2012, Windows Server 2012R2 and Windows Server 2016 (see <https://support.lenovo.com/us/en/solutions/ht502912> for details). However, systems running any operating system are vulnerable.
Lenovo strongly recommends installing this update.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update your BIOS level to the latest of version available for your system.