Formatter Silicon Power V.3.7.0.0 -ps2251-.162

We disclose a CVE-worthy issue (ID requested): the handshake in Formatter v3.7.0.0 lacks authentication. A malicious USB device emulating a PS2251 with a .162 signature can receive the tool’s payload and escalate to ring-0 execution on the host via a crafted SCSI request. Proof-of-concept code is provided in Appendix B.

Because Phison does not publicly distribute MP Tools to end users, these utilities leak via:

Users typically search for “PS2251 MP Tool v3.7.0.0” or “Silicon Power PS2251 formatter” and assemble a folder containing an .exe formatter, .ini configuration files, and firmware binaries. The name “Formatter Silicon Power v.3.7.0.0 -PS2251-.162” would then be a descriptive folder or ISO label.

Formatter Silicon Power v3.7.0.0 for firmware .162 is a double-edged tool: it is highly effective at restoring write performance on PS2251-based drives, but it permanently reduces capacity and exposes a security flaw. We recommend that Silicon Power release an updated formatter with G-list sparing options and signed command authentication. For end users, this tool should be used only as a last resort.