Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-38576

Published: 3 January 2022

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.

Notes

Author	Note
mdeslaur	as of 2023-01-03, upstream bug is private

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
edk2 Launchpad, Ubuntu, Debian	bionic	Deferred (2023-01-03)
	focal	Deferred (2023-01-03)
	hirsute	Ignored (reached end-of-life)
	impish	Ignored (reached end-of-life)
	jammy	Deferred (2023-01-03)
	kinetic	Deferred (2023-01-03)
	trusty	Ignored (out of standard support)
	upstream	Needs triage
	xenial	Needs triage

References

Bugs

https://bugzilla.tianocore.org/show_bug.cgi?id=3499

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading