Ryzen 7 4980U Firmware Security Vulnerabilities - 2023

CVE-2021-46758

Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.

CVE-2022-23820

Failure to validate the AMD SMM communication buffermay allow an attacker to corrupt the SMRAM potentially leading to arbitrarycode execution.

CVE-2022-23821

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.

CVE-2023-20555

Insufficient input validation inCpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwritingan arbitrary bit in an attacker-controlled pointer potentially leading toarbitrary code execution in SMM.