Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2023026

Product

CVSS Score

Original Date

Last Revised

InsydeH2O

7.5

2023-06-13

Summary

[EDK2] Empty TPM Platform Auth.

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-38576

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.

Solution Information

Kernel 5.0: Version 05.0A.11
Kernel 5.1: Version 05.18.11
Kernel 5.2: Version 05.28.11.
Kernel 5.3, Version 05.37.11.
Kernel 5.4, Version 05.45.11.
Kernel 5.5, Version 05.53.11.

Acknowledgements

Revision History

Revision #

Date

Description

1

2023-06-13

Initial Release