CVE-2021-38576

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-38576

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38576.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-38576

Related

UBUNTU-CVE-2021-38576

Published

2022-01-03T22:15:09Z

Modified

2025-01-14T09:30:52.249156Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.

References

Affected packages

Debian:11 / edk2

Package

Name: edk2
Purl: pkg:deb/debian/edk2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2020.*

2020.11-2

2020.11-2+deb11u1

2020.11-2+deb11u2

2020.11-3

2020.11-4

2020.11-5

2021.*

2021.02-1

2021.05-1

2021.08~rc0-1

2021.08~rc0-2

2021.08-1

2021.08-2

2021.08-3

2021.11~rc1-1

2021.11-1

2021.11-2

2022.*

2022.02~rc1-1

2022.02-1

2022.02-2

2022.02-3

2022.05~rc1-1

2022.05-1

2022.05-2

2022.05-3

2022.05-4

2022.08-1

2022.11-1

2022.11-2

2022.11-3

2022.11-4

2022.11-5

2022.11-6

2023.*

2023.02-1

2023.02-2

2023.05-1

2023.05-2

2023.08-1

2023.11-1

2023.11-2

2023.11-3

2023.11-4

2023.11-5

2023.11-6

2023.11-7

2023.11-8

2024.*

2024.02-1

2024.02-2

2024.05-1

2024.05-2

2024.08-1

2024.08-2

2024.08-3

2024.08-4

2024.11-1

2024.11-2

2024.11-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / edk2

Package

Name: edk2
Purl: pkg:deb/debian/edk2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2021.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / edk2

Package

Name: edk2
Purl: pkg:deb/debian/edk2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2021.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/tianocore/edk2

Affected ranges

Type: GIT
Repo: https://github.com/tianocore/edk2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

06dc822d045c2bb42e497487935485302486e151

Last affected

20d2e5a125e34fc8501026613a71549b2a1a3e54

Last affected

37eef91017ad042035090cae46557f9d6e2d5917

Last affected

4c0f6e349d32cf27a7104ddd3e729d6ebc88ea70

Last affected

85588389222a3636baf0f9ed8227f2434af4c3f9

Last affected

872f953262d68a11da7bc2fb3ded16df234b8700

Last affected

89910a39dcfd788057caa5d88b7e76e112d187b5

Last affected

bd85bf54c268204c7a698a96f3ccd96cd77952cd

Last affected

ca407c7246bf405da6d9b1b9d93e5e7f17b4b1f9

Last affected

cb5f4f45ce1fca390b99dae5c42b9c4c8b53deea

Last affected

e1999b264f1f9d7230edf2448f757c73da567832

Last affected

ef91b07388e1c0a50c604e5350eeda98428ccea6

Affected versions

Other

edk2-stable201808

edk2-stable201811

edk2-stable201903

edk2-stable201905

edk2-stable201908

edk2-stable201911

edk2-stable202002

edk2-stable202005

edk2-stable202008