{"id":"CVE-2021-38576","details":"A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.","modified":"2026-04-11T12:37:01.413100Z","published":"2022-01-03T22:15:09.903Z","database_specific":{},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"},{"type":"REPORT","url":"https://bugzilla.tianocore.org/show_bug.cgi?id=3499"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tianocore/edk2","events":[{"introduced":"0"},{"last_affected":"cb5f4f45ce1fca390b99dae5c42b9c4c8b53deea"},{"last_affected":"85588389222a3636baf0f9ed8227f2434af4c3f9"},{"last_affected":"89910a39dcfd788057caa5d88b7e76e112d187b5"},{"last_affected":"20d2e5a125e34fc8501026613a71549b2a1a3e54"},{"last_affected":"37eef91017ad042035090cae46557f9d6e2d5917"},{"last_affected":"bd85bf54c268204c7a698a96f3ccd96cd77952cd"},{"last_affected":"4c0f6e349d32cf27a7104ddd3e729d6ebc88ea70"},{"last_affected":"ca407c7246bf405da6d9b1b9d93e5e7f17b4b1f9"},{"last_affected":"06dc822d045c2bb42e497487935485302486e151"},{"last_affected":"872f953262d68a11da7bc2fb3ded16df234b8700"},{"last_affected":"ef91b07388e1c0a50c604e5350eeda98428ccea6"},{"last_affected":"e1999b264f1f9d7230edf2448f757c73da567832"}],"database_specific":{"source":"CPE_FIELD","cpe":["cpe:2.3:a:tianocore:edk2:201808:*:*:*:*:*:*:*","cpe:2.3:a:tianocore:edk2:201811:*:*:*:*:*:*:*","cpe:2.3:a:tianocore:edk2:201903:*:*:*:*:*:*:*","cpe:2.3:a:tianocore:edk2:201905:*:*:*:*:*:*:*","cpe:2.3:a:tianocore:edk2:201908:*:*:*:*:*:*:*","cpe:2.3:a:tianocore:edk2:201911:*:*:*:*:*:*:*","cpe:2.3:a:tianocore:edk2:202002:*:*:*:*:*:*:*","cpe:2.3:a:tianocore:edk2:202005:*:*:*:*:*:*:*","cpe:2.3:a:tianocore:edk2:202008:*:*:*:*:*:*:*","cpe:2.3:a:tianocore:edk2:202011:*:*:*:*:*:*:*","cpe:2.3:a:tianocore:edk2:202102:*:*:*:*:*:*:*","cpe:2.3:a:tianocore:edk2:202105:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"201808"},{"last_affected":"201811"},{"last_affected":"201903"},{"last_affected":"201905"},{"last_affected":"201908"},{"last_affected":"201911"},{"last_affected":"202002"},{"last_affected":"202005"},{"last_affected":"202008"},{"last_affected":"202011"},{"last_affected":"202102"},{"last_affected":"202105"}]}}],"versions":["edk2-stable201808","edk2-stable201811","edk2-stable201903","edk2-stable201905","edk2-stable201908","edk2-stable201911","edk2-stable202002","edk2-stable202005","edk2-stable202008","edk2-stable202011","edk2-stable202102","edk2-stable202105"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38576.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}