Vulnerabilities > CVE-2021-38576 - Unspecified vulnerability in Tianocore Edk2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

tianocore

NVD

Published: 2022-01-03

Updated: 2022-01-13

Summary

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.

Vulnerable Configurations

Part	Description	Count
Application	Tianocore Tianocore Edk2 202008 Tianocore Edk2 201905 Tianocore Edk2 202105 Tianocore Edk2 202102 Tianocore Edk2 202011 Tianocore Edk2 202005 Tianocore Edk2 202002 Tianocore Edk2 201911 Tianocore Edk2 201903 Tianocore Edk2 201811 Tianocore Edk2 201808 Tianocore Edk2 201908	12

References

https://bugzilla.tianocore.org/show_bug.cgi?id=3499