CVE-2021-46756

Insufficient validation of inputs inSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow anattacker with a malicious Uapp or ABL to send malformed or invalid syscall tothe bootloader resulting in a potential denial of service and loss ofintegrity.

CVE-2021-46762

Insufficient input validation in the SMU mayallow an attacker to corrupt SMU SRAM potentially leading to a loss ofintegrity or denial of service.

CVE-2021-46763

Insufficient input validation in the SMU mayenable a privileged attacker to write beyond the intended bounds of a sharedmemory buffer potentially leading to a loss of integrity.

CVE-2021-46764

Improper validation of DRAM addresses in SMU mayallow an attacker to overwrite sensitive memory locations within the ASPpotentially resulting in a denial of service.

CVE-2021-46769

Insufficient syscall input validation in the ASPBootloader may allow a privileged attacker to execute arbitrary DMA copies,which can lead to code execution.

CVE-2021-46775

Improper input validation in ABL may enable anattacker with physical access, to perform arbitrary memory overwrites,potentially leading to a loss of integrity and code execution.

CVE-2022-23818

Insufficient input validation on the modelspecific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guestmemory integrity.