On December 15, 2024, security researcher TheFlow submitted a report to the PlayStation bug bounty program on hackerone.com under report number 2900606, which earned him a $10,000 bounty.

As you know, reports to this program are subject to very strict disclosure rules, but on the other hand, once a report has been filed, you usually only have to wait a few months before its contents are made public.

It was therefore some five months after its submission, on April 18, 2025, that this report was disclosed, and it is a very interesting one.

The kernel exploit, which yields kernel privileges, is based on an overflow in the sys_fsc2h_ctrl syscall. Which consoles expose this syscall in their syscall table remains to be determined; the same sys_fsc2h_ctrl syscall is notably encountered in mast1c0re.

In short, the exploit escalates privileges by abusing sys_fsc2h_ctrl: four threads issue various commands to the syscall concurrently, combined with a specific malloc() allocation pattern, in order to trigger the bug.

It is highly likely that this exploit applies to the PS5 (and only the PS5), but this remains to be confirmed. It is rumored that the bug was fixed around firmware 10.40, but let's wait and see.

The report is available here: https://hackerone.com/reports/2900606
