execute arbitrary code just yet, it represents an important step toward getting homebrew code running on the console.
The exploit, released this weekend, makes use of a FreeBSD vulnerability in the system OS that was reported to PlayStation’s HackerOne bounty program in January (a very similar vulnerability on the PS4 was reported to PlayStation in 2020). Making use of the exploit relies on setting up a fake DNS server on your local network such that accessing the PS5’s on-screen manual (which is loaded via the system’s hidden web browser) points instead to a page on your local PC.
From there, the exploit uses an error in how the PS5’s browser implementation handles memory locking while setting IPv6 socket headers. While the details get pretty technical, the exploit essentially sets up a race condition to access that exposed socket header memory before it’s fully locked. That small bit of access is then used as a hook to start reading and writing arbitrary data into large areas of the PS5’s memory via an RPC server on the host machine.
Limitations
Because this exploit relies on a race condition, SpecterDev warns that it only works about 30 percent of the time and might lead to multiple kernel panics (and subsequent lengthy system restarts) before read/write access is successfully obtained. The exploit also can’t currently write to low-level “kernel space” (which is still protected by an intact hypervisor) or even execute any code that a user might write to user space (which relies on areas of “Execute Only Memory” that are still protected).