CVE-2021-38576

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-38576
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38576.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-38576
Downstream
Published
2022-01-03T22:15:09Z
Modified
2025-10-08T03:05:24.806152Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.

References

Affected packages

Git / github.com/tianocore/edk2

Affected ranges

Type
GIT
Repo
https://github.com/tianocore/edk2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
06dc822d045c2bb42e497487935485302486e151
Last affected
20d2e5a125e34fc8501026613a71549b2a1a3e54
Last affected
37eef91017ad042035090cae46557f9d6e2d5917
Last affected
4c0f6e349d32cf27a7104ddd3e729d6ebc88ea70
Last affected
85588389222a3636baf0f9ed8227f2434af4c3f9
Last affected
872f953262d68a11da7bc2fb3ded16df234b8700
Last affected
89910a39dcfd788057caa5d88b7e76e112d187b5
Last affected
bd85bf54c268204c7a698a96f3ccd96cd77952cd
Last affected
ca407c7246bf405da6d9b1b9d93e5e7f17b4b1f9
Last affected
cb5f4f45ce1fca390b99dae5c42b9c4c8b53deea
Last affected
e1999b264f1f9d7230edf2448f757c73da567832
Last affected
ef91b07388e1c0a50c604e5350eeda98428ccea6

Affected versions

Other

edk2-stable201808
edk2-stable201811
edk2-stable201903
edk2-stable201905
edk2-stable201908
edk2-stable201911
edk2-stable202002
edk2-stable202005
edk2-stable202008