Medium severity6.7NVD Advisory· Published Dec 8, 2016· Updated May 6, 2026

CVE-2016-8103

Description

SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local privileged user can exploit an SMM call out in Intel NUC Kits to execute arbitrary code in System Management Mode, gaining full platform control.

Vulnerability

An SMM call out vulnerability exists in all Intel Branded NUC Kits. The bug resides in the System Management Mode (SMM) code, allowing a local privileged user to invoke an SMM call out that executes arbitrary code within SMM. This affects all Intel NUC Kits prior to the firmware update released in response to this advisory [1].

Exploitation

An attacker must have local access to the system and possess elevated privileges (e.g., root or administrator). The exploitation sequence involves triggering the vulnerable SMM call out, which then executes attacker-controlled code in SMM context. No user interaction beyond initial access is required [1].

Impact

Successful exploitation grants the attacker full control of the platform. Since SMM operates below the operating system, the attacker can bypass OS security mechanisms, install persistent firmware-level malware, and access sensitive data. The compromise is at the highest privilege level on the platform [1].

Mitigation

Intel released firmware updates to address this vulnerability. Affected users should update their Intel NUC Kit firmware to the latest version provided by Intel. The advisory [1] contains specific version information and download links. No workarounds are available; updating firmware is the only mitigation.

References

Security Center

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Intel/Canyon BIOS
cpe:2.3:o:intel:canyon_bios:*:*:*:*:*:*:*:*
Range: <=kyskli70.86a
Intel/Citry BIOS
cpe:2.3:o:intel:citry_bios:*:*:*:*:*:*:*:*
Range: <=scchtax5.86a
Intel/City BIOS2 versions
cpe:2.3:o:intel:city_bios:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:intel:city_bios:*:*:*:*:*:*:*:*range: <=ccsklm5v.86a
- cpe:2.3:o:intel:city_bios:ccsklm30.86a:*:*:*:*:*:*:*
Intel/Swift Canyon BIOS
cpe:2.3:o:intel:swift_canyon_bios:*:*:*:*:*:*:*:*
Range: <=syskli35.86a
Intel/NUC Kitsllm-create2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: All

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/95012nvdThird Party AdvisoryVDB Entry
security-center.intel.com/advisory.aspxnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.436
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000