Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-38576

Published: 3 January 2022

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.

Notes

AuthorNote
mdeslaur
as of 2023-01-03, upstream bug is private
Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
edk2
Launchpad, Ubuntu, Debian
bionic Deferred
(2023-01-03)
focal Deferred
(2023-01-03)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Deferred
(2023-01-03)
kinetic Deferred
(2023-01-03)
trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage