PatchSiren

CVE-2016-8225 Lenovo CVE debrief

CVE-2016-8225 is a local privilege escalation issue in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21. The weakness is an unquoted service path condition (CWE-428), which can allow a local user to execute code with elevated privileges. NVD rates the issue HIGH with CVSS 7.8.

Vendor: Lenovo
Product: CVE-2016-8225
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-26
Original CVE updated: 2026-05-13
Advisory published: 2017-01-26
Advisory updated: 2026-05-13

Who should care

Administrators and security teams responsible for systems using Lenovo Edge Keyboard Driver or Lenovo Slim USB Keyboard Driver versions 1.20 or earlier should treat this as a local privilege escalation risk, especially where untrusted local users can log on or run code.

Technical summary

The NVD record classifies the vulnerability as CWE-428 (unquoted service path) and lists Lenovo Edge Keyboard Driver and Lenovo Slim USB Keyboard Driver as vulnerable through version 1.20. The published CVSS 3.0 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: a local attack that requires low privileges and no user interaction, with high impact on confidentiality, integrity, and availability.

Defensive priority

High for exposed endpoints that still run the affected driver versions, but the attack requires local access and some privileges, so prioritize systems with shared logon access, developer workstations, or other environments where local code execution is more feasible.

Recommended defensive actions

  • Verify whether Lenovo Edge Keyboard Driver or Lenovo Slim USB Keyboard Driver is installed and whether the version is 1.20 or earlier.
  • Apply the Lenovo vendor advisory guidance and update to a fixed version (1.21 or later) where available.
  • Remove or replace the affected driver if it is no longer needed.
  • Restrict local user access where practical and monitor for unexpected service or driver execution behavior on affected systems.
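
To support the verification step above, the following added example (not from Lenovo, NVD, or the original debrief) audits a Windows host for the CWE-428 condition itself: a service binary path that contains a space and is not enclosed in quotes. It goes beyond the two Lenovo drivers and reports every service with that condition. The function name Test-UnquotedServicePath and the sample paths are assumptions made for illustration; the samples are constructed and are not the real install path of the affected driver.

```powershell
# Added example: flag service binary paths that are unquoted and contain a space (CWE-428).
# Test-UnquotedServicePath is a hypothetical helper name, not a built-in cmdlet.
function Test-UnquotedServicePath {
    param([string]$PathName)

    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $p = $PathName.Trim()

    # A path that begins with a double quote is already delimited.
    if ($p.StartsWith('"')) { return $false }

    # Isolate the executable portion (up to the first .exe/.sys/.com/.bat/.cmd)
    # so that spaces appearing only in the arguments are not reported.
    $m = [regex]::Match($p, '^(.*?\.(exe|sys|com|bat|cmd))(\s|$)', 'IgnoreCase')
    if ($m.Success) { $exe = $m.Groups[1].Value } else { $exe = $p }

    return $exe.Contains(' ')
}

# Constructed sample values (not taken from any real product).
$samples = @(
    'C:\Program Files\Example Vendor\KbdSvc.exe',         # unquoted, space inside the path
    '"C:\Program Files\Example Vendor\KbdSvc.exe" -run',  # quoted path with an argument
    'C:\Windows\System32\svchost.exe -k netsvcs'          # space only before the arguments
)
foreach ($s in $samples) {
    [pscustomobject]@{ Unquoted = (Test-UnquotedServicePath $s); PathName = $s }
}

# Live audit: list every installed service whose path has the condition.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Select-Object Name, DisplayName, StartName, State, PathName
```

Any service reported by the live audit should be checked against its vendor's fixed version; for the drivers covered here, that means 1.21 or later.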

Evidence notes

The debrief is based on the CVE record, NVD metadata, and Lenovo's vendor advisory reference. NVD lists the vulnerability as CVE-2016-8225 with CWE-428 and vulnerable CPE criteria for Lenovo Edge Keyboard Driver and Lenovo Slim USB Keyboard Driver through version 1.20. The public record was published on 2017-01-26 and later modified on 2026-05-13; that modification date is not treated as the disclosure date.

Official resources

Publicly disclosed on 2017-01-26T17:59:00.133Z. The NVD record was later modified on 2026-05-13T00:24:29.033Z.