NVIDIA CUDA Toolkit
cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*
- <= 12.9
A buffer overflow vulnerability has been identified in the NVIDIA CUDA Toolkit cuobjdump binary, all versions prior to 12.9. This vulnerability arises from inadequate length validation of buffers when cuobjdump processes malformed ELF files. An attacker can exploit this flaw to cause the tool to crash or execute arbitrary code. The exploitation involves crafting a fatbin file that, when processed by cuobjdump with the '--dump-elf' flag, triggers an integer overflow. This overflow can be manipulated to overwrite memory, leading to code execution.
Exploitation of this vulnerability allows for arbitrary code execution on the system where the CUDA Toolkit is installed.
The vulnerability can be reproduced by creating a fatbin file that includes a specially crafted '.nv_debug_source' section. This section should be designed to cause an integer overflow during parsing, which can be achieved by setting the filename size to '0xffff'. When this crafted fatbin file is processed by cuobjdump with the '--dump-elf' option, the integer overflow occurs, leading to a buffer underwrite. This underwrite can be exploited by overwriting memory with controlled data, eventually allowing the execution of arbitrary code.
Users are advised to upgrade to NVIDIA CUDA Toolkit version 12.9 or later.
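To act on that advice across a fleet, the following added example (not part of the original advisory or of any NVIDIA tooling) inventories toolkit installations that ship cuobjdump and flags those older than 12.9. It assumes a Linux layout with the toolkit's version.json (or the older version.txt) at the install root; the function names and the /usr/local/cuda* search path are choices made for this example.

```python
import glob, json, re
from pathlib import Path

FIXED = (12, 9)  # first fixed release according to the advisory text

def toolkit_version(root):
    """Return (major, minor) of the toolkit at root, or None if unreadable."""
    root, text = Path(root), None
    try:  # version.json: {"cuda": {"version": "12.4.1"}, ...}
        text = json.loads((root / "version.json").read_text())["cuda"]["version"]
    except (OSError, ValueError, KeyError, TypeError):
        pass
    if text is None:
        try:  # older toolkits: version.txt with "CUDA Version 10.2.89"
            text = (root / "version.txt").read_text()
        except (OSError, ValueError):
            return None
    m = re.search(r"(\d+)\.(\d+)", str(text))
    return (int(m.group(1)), int(m.group(2))) if m else None

def audit(roots):
    """Return [(root, version, status)] for each distinct root shipping cuobjdump."""
    seen, findings = set(), []
    for root in (Path(r).resolve() for r in roots):
        # Skip symlink duplicates and trees without the affected binary.
        if root in seen or not (root / "bin" / "cuobjdump").exists():
            continue
        seen.add(root)
        ver = toolkit_version(root)
        status = "unknown" if ver is None else "vulnerable" if ver < FIXED else "fixed"
        findings.append((str(root), ver, status))
    return findings

if __name__ == "__main__":
    # Assumed default Linux install locations; pass other roots to audit() as needed.
    for root, ver, status in audit(sorted(glob.glob("/usr/local/cuda*"))):
        shown = "?" if ver is None else "%d.%d" % ver
        print(f"{status:10} {shown:6} {root}")
```

Installations reported as "unknown" have no readable version file and need a manual check.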