High severity7.8NVD Advisory· Published Nov 29, 2016· Updated May 6, 2026

CVE-2016-8223

Description

During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.

Affected products

Lenovo/System Interface Foundation
cpe:2.3:a:lenovo:system_interface_foundation:*:*:*:*:*:*:*:*
Range: <=1.0.66.0
Lenovo Group Ltd./All Thinkpad, Thinkcentre, Thinkstation And Lenovo Branded Systems Preloaded With The Windows 10 Operating System, Or Any System Running Lenovo Companion, Lenovo Settings, Or Lenovo Id.v5
Range: 1.0.66.0 and earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.lenovo.com/us/en/solutions/LEN_10150nvdPatchVendor Advisory
www.securityfocus.com/bid/94597nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000