Insyde Security Advisory 2023026

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023026 Software CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 7.5 06/13/2023 06/13/2023

Summary:

[EDK2] Empty TPM Platform Auth

Vulnerability Details

CVE-2021-38576

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.

Affected versions:

Kernel 5.0: Version 05.0A.11
Kernel 5.1: Version 05.18.11
Kernel 5.2: Version 05.28.11.
Kernel 5.3, Version 05.37.11.
Kernel 5.4, Version 05.45.11.
Kernel 5.5, Version 05.53.11.

Revision History:

Revision Date Description
1.0 06/13/2023 Initial Release
-- -- --

Return to Insyde's Security Pledge