CVE-2021-46758
https://notcve.org/view.php?id=CVE-2021-46758
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity. La validación insuficiente de las direcciones flash SPI en el cargador de arranque ASP (AMD Secure Processor) puede permitir que un atacante lea datos en la memoria asignada más allá de la flash SPI, lo que resulta en una posible pérdida de disponibilidad e integridad. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 •
CVE-2023-20555
https://notcve.org/view.php?id=CVE-2023-20555
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003 • CWE-787: Out-of-bounds Write •