CVE-2021-38576

Summary

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.

Affected Software

VendorProductVersion RangeStatus
n/aEDK IIedk2-stable202105, edk2-stable202102, edk2-stable202011, edk2-stable202008, edk2-stable202005, edk2-stable202002, edk2-stable201911, edk2-stable201908, edk2-stable201905, edk2-stable201903, edk2-stable201811, edk2-stable201808affected

Weaknesses

  • Security Feature Bypass

ADP Enrichment

CVE Program Container

Additional References

References