Lucene search

K
cve[email protected]CVE-2021-38576
HistoryJan 03, 2022 - 10:15 p.m.

CVE-2021-38576

2022-01-0322:15:09
web.nvd.nist.gov
29
bios bug
firmware
pc model
platform authorization
tpm
dos
cve-2021-38576
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

32.2%

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.

Affected configurations

NVD
Node
tianocoreedk2Match201808
OR
tianocoreedk2Match201811
OR
tianocoreedk2Match201903
OR
tianocoreedk2Match201905
OR
tianocoreedk2Match201908
OR
tianocoreedk2Match201911
OR
tianocoreedk2Match202002
OR
tianocoreedk2Match202005
OR
tianocoreedk2Match202008
OR
tianocoreedk2Match202011
OR
tianocoreedk2Match202102
OR
tianocoreedk2Match202105

CNA Affected

[
  {
    "product": "EDK II",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "edk2-stable202105, edk2-stable202102, edk2-stable202011, edk2-stable202008, edk2-stable202005, edk2-stable202002, edk2-stable201911, edk2-stable201908, edk2-stable201905, edk2-stable201903, edk2-stable201811, edk2-stable201808"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

32.2%