You would still have to find an exploit for the kernel or other system components in order to break out of the game's sandbox.

That is how a lot of exploits start, though. Certain PSP games used to be valuable because you could present them with crafted save files to root devices.

Although, you could also buy special batteries that would let you root a PSP...what a weird handheld.

The point is, who knows, the game's scripting language could have shipped with an undocumented 'write word to memory' function.

Note that a game with a "write word to memory" function would still need to be able to break out of the sandbox.

Well, how do you know this isn't true for your favorite game?