Vulnerabilities revealed that could significantly impact PlayStation 5 consoles
Developer notzecoxao, always attentive to everything related to the PlayStation scene, shared some interesting information regarding the Ryzen CPU vulnerabilities described by AMD on their CVE page.
CVE (Common Vulnerabilities and Exposures) is a dictionary of publicly disclosed vulnerabilities and security holes, and AMD appears to have recently added two new critical entries to it.
According to reports on wololo.net, bugs in AMD Ryzen CPUs, their Secure Processor (SP) or System Management Unit (SMU) could lead to critical vulnerabilities that are difficult to fix for the systems that use them.
The PlayStation 5 console is equipped with a semi-customized AMD Zen 2 processor with 8 cores at a variable frequency capped at 3.5 GHz. As wololo.net also points out, it is therefore likely that vulnerabilities in AMD’s Ryzen series have an impact on the PS5 as well.
The two vulnerabilities, CVE-2023-20558 and CVE-2023-20559, are rated high severity. They were only documented in March and are still under analysis:
CVE-2023-20558 (severity: high)
Description
Poor control flow management in AmdCpmOemSmm can allow a privileged attacker to tamper with the SMM manager, potentially leading to privilege escalation.
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html
CVE-2023-20559 (severity: high)
Description
Poor control flow management in AmdCpmGpioInitSmm can allow a privileged attacker to tamper with the SMM manager, potentially leading to privilege escalation.
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html
SMM (short for System Management Mode) is a special operating mode provided for handling system-level functions such as power management, system hardware control or OEM-designed proprietary code.
It is intended for use by system firmware only, not by application software or general-purpose system software.
Its main benefit is that it offers a distinct and easily isolated processor environment that operates transparently to the operating system or executive and to software applications.
Beyond the technical details, the bug could help hackers and researchers discover and develop further exploits or obtain keys that have not yet been extracted.
Some have even suggested a possible exploit in the boot ROM which, as with the Nintendo Switch console, could be difficult to fix.
Source¹: wololo.net
Source²: twitter.com