CVE-2021-46769

Insufficient syscall input validation in the ASPBootloader may allow a privileged attacker to execute arbitrary DMA copies,which can lead to code execution.

CVE-2021-26344

An out of bounds memory write when processing the AMDPSP1 Configuration Block (APCB) could allow an attacker with access the abilityto modify the BIOS image, and the ability to sign the resulting image, topotentially modify the APCB block resulting in arbitrary code execution.