Insyde's Security Pledge
Recent Security Advisories
INSYDE-SA-2023026
Product
CVSS Score
Original Date
Last Revised
InsydeH2O
7.5
2023-06-13
Summary
[EDK2] Empty TPM Platform Auth.
Vulnerability Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.
Solution Information
Kernel 5.0: Version 05.0A.11
Kernel 5.1: Version 05.18.11
Kernel 5.2: Version 05.28.11.
Kernel 5.3, Version 05.37.11.
Kernel 5.4, Version 05.45.11.
Kernel 5.5, Version 05.53.11.
Acknowledgements
Revision History
Revision #
Date
Description
1
2023-06-13
Initial Release