An interesting list of AMD vulnerabilities (could some of those have been used in the PS5 hacks?)
All eyes are turned on AMD specific vulnerabilities, given that the PS5 uses an AMD chipset.
AMD have recently published a laundry list of vulnerabilities impacting their server-specific EPYC processors. The list of more than 20 critical vulnerabilities is the result of multiple reports from security researchers at Microsoft, Google and Oracle (it also didn’t escape the scene’s attention that the security engineer from Oracle who worked on some of those vulnerabilities, Volodymyr Pikhur, was a prominent PS4 hacker not so long ago).
The vulnerability list is specifically for AMD Server processors though (EPYC series), and it’s unclear how much is shared between those and the PS5 CPU. The PS5 uses a custom AMD CPU based on Zen 2, on which the second EPYC generation is based as well.
It’s not certain that all or any of these vulnerabilities impact the PS5 architecture. Furthermore, the list has only been revealed recently, and at a quick glance, no exploit PoC have been published yet. So if hackers leveraged any of these vulnerabilities to exploit the PS5, it probably means they would have found about the vulnerabilities independently.
There are other AMD processor vulnerabilities however, some of which have been made public to some extent. We’ve discussed one of them here in September, which used voltage fault injection attacks to leak information.
The level of risk of the vulnerabilities varies of course. Some of them seem to be specific to Windows drivers. Others look “dangerous” but the security researchers haven’t been able to demonstrate actual information leaks.
Fail0verflow have stated their exploit was performed through software means. At the moment, there is no indication if, and when, TheFloW or Fail0verflow will publish their findings.
For the latest status on PS5 hacks, check our PS5 Jailbreak page.