Strix
26.1K

CVE-2021-38576

HIGHCVSS 7.5/10EPSS 1.18%

Last modified

CVE-2021-38576 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.. EPSS estimates a 1.18% chance of exploitation in the next 30 days.

Description

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
1.18%

63.6th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
TianocoreEdk2201808
TianocoreEdk2201811
TianocoreEdk2201903
TianocoreEdk2201905
TianocoreEdk2201908
TianocoreEdk2201911
TianocoreEdk2202002
TianocoreEdk2202005
TianocoreEdk2202008
TianocoreEdk2202011
TianocoreEdk2202102
TianocoreEdk2202105

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-38576?
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.
How severe is CVE-2021-38576?
CVE-2021-38576 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.18% probability of exploitation in the next 30 days.
How do I fix CVE-2021-38576?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-38576?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST