CVE-2021-38576

CVSS Score: 7.5 HIGH

📋 TL;DR

A BIOS firmware vulnerability in certain PC models built on Tianocore EDK II leaves the TPM Platform authorization value empty. An attacker with local or administrative access can use the empty authorization to permanently brick the TPM chip or cause a temporary denial of service. Every system running the vulnerable firmware is affected, undermining any security feature that depends on the TPM (disk encryption, measured/secure boot, hardware-backed authentication).

💻 Affected Systems

Products:
  • Specific PC models with vulnerable Tianocore EDK II firmware
Versions: Specific firmware versions not publicly detailed in references
Operating Systems: All operating systems running on affected hardware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability sits in the BIOS/firmware layer, so it affects every operating system installed on the hardware. The exact model list is not fully specified in public references.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Permanent bricking of the TPM chip, rendering security features like disk encryption, secure boot, and hardware-based authentication permanently unusable.

🟠 Likely Case

Temporary denial of service requiring physical intervention to reset the system, disrupting operations until manual recovery.

🟢 If Mitigated

Limited impact if systems are patched before exploitation: TPM functionality is preserved and there is no operational disruption.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires physical or administrative access to the system in order to issue TPM commands under the empty Platform authorization. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates from hardware vendors

Vendor Advisory: https://bugzilla.tianocore.org/show_bug.cgi?id=3499

Restart Required: Yes

Instructions:

1. Contact the hardware vendor for a BIOS/firmware update.
2. Download the update from the official vendor source and verify its integrity (checksum or signature).
3. Apply the firmware update following the vendor's instructions.
4. Reboot the system to complete installation.

🔧 Temporary Workarounds

Disable TPM Platform Authorization (applies to: all)

Temporarily disable TPM platform authorization features in BIOS to prevent exploitation, though this reduces security functionality.

Restrict Physical Access (applies to: all)

Implement strict physical security controls to prevent unauthorized BIOS access.

🧯 If You Can't Patch

  • Isolate affected systems from high-risk networks and users
  • Implement compensating controls, such as full-disk encryption keyed at the software layer rather than to the TPM

🔍 How to Verify

Check if Vulnerable:

Compare the installed BIOS/firmware version against the vendor's advisory. On Linux: 'sudo dmidecode -t bios' or 'cat /sys/class/dmi/id/bios_version'. On Windows: 'wmic bios get smbiosbiosversion'.

Check Version:

Linux: 'sudo dmidecode -t bios | grep Version'
Windows: 'wmic bios get smbiosbiosversion'

Verify Fix Applied:

Confirm that the reported BIOS/firmware version matches the patched version named by the vendor, then verify that TPM functionality tests pass (for example, that the OS still reports the TPM as present and operational).

📡 Detection & Monitoring

Log Indicators:

  • BIOS/UEFI firmware modification events
  • TPM error or failure logs in system events
  • Unexpected system reboots or boot failures

Network Indicators:

  • None: this is a local hardware/firmware vulnerability with no network component

SIEM Query:

On Windows, correlate Event ID 12 (Kernel-General, system start) with unexpected changes in the reported BIOS version; on Linux, review auth.log entries indicating physical console logins around the time of TPM errors.

🔗 References

  • https://bugzilla.tianocore.org/show_bug.cgi?id=3499