---
license: apache-2.0
---

# Model Card for tensorrt-deserialization-poc

This repository contains a **Proof-of-Concept (PoC)** demonstrating unsafe deserialization of NVIDIA TensorRT engine files by `IRuntime::deserializeCudaEngine` (`Runtime.deserialize_cuda_engine` in the Python bindings). The crafted engine file `safe_trt_crash.trt` triggers a type hash mismatch inside the deserializer, which may lead to remote code execution or a GPU crash. This card documents the PoC, its environment, and usage instructions for security research and bug bounty submissions.

## Model Details

### Model Description

- **Developed by:** ZEUS / ATHENA  
- **Shared by:** ZEUS  
- **Model type:** Security PoC / Exploit Demonstration  
- **Language(s):** Python  
- **License:** Apache 2.0  
- **Finetuned from model [optional]:** N/A  

### Model Sources

- **Repository:** [tensorrt-deserialization-poc](https://huggingface.co/LilithAdam5/tensorrt-deserialization-poc)  
- **Paper [optional]:** N/A  
- **Demo [optional]:** N/A  

## Uses

### Direct Use

This PoC is intended for **security researchers and bug bounty programs** to safely reproduce the unsafe deserialization behavior in TensorRT.  

### Downstream Use

- Could be integrated into internal security testing pipelines to validate TensorRT engine safety.  
- Not intended for production use; execution may crash GPUs or systems if misused.  
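A pipeline that loads engines should gate them before they reach the runtime. The following is an added example, not code from this PoC repository: the unchecked loading pattern the PoC targets beside a digest-pinned loader that refuses any engine whose SHA-256 is not on an explicit allowlist. The deserializer is injected as a callable so the gate can be exercised without the `tensorrt` package or a GPU; the `trt_deserializer()` helper and the `demo()` inputs are assumptions made for this example.

```python
"""Digest-pinned engine loading: the unchecked pattern beside a gated one.

Added example, not code from the PoC repository. A TensorRT engine is
executed by the runtime rather than merely parsed, so loading an engine you
cannot vouch for amounts to running untrusted input on the host and GPU.
The gate below refuses any engine whose SHA-256 is not on an allowlist.
"""
import hashlib
from typing import Callable, Dict, Optional


class UntrustedEngineError(Exception):
    """The engine's digest is not on the allowlist; it must not be deserialized."""


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def load_engine_unchecked(engine_bytes: bytes, deserialize: Callable[[bytes], object]):
    """Weak pattern: whatever bytes arrive are handed straight to the deserializer."""
    return deserialize(engine_bytes)


def load_engine_pinned(engine_bytes: bytes, allowlist: Dict[str, str],
                       deserialize: Callable[[bytes], object]):
    """Corrected pattern: deserialize only if the digest matches a known-good engine.

    allowlist maps an engine label (e.g. 'resnet50-fp16-sm86') to its hex SHA-256.
    """
    digest = sha256_bytes(engine_bytes)
    matches = [name for name, expected in allowlist.items() if expected.lower() == digest]
    if not matches:
        raise UntrustedEngineError(f"sha256 {digest} not in allowlist; refusing to deserialize")
    return deserialize(engine_bytes)


def trt_deserializer() -> Callable[[bytes], Optional[object]]:
    """Real deserializer; imports tensorrt lazily so the gate stays testable without it."""
    import tensorrt as trt  # assumption: tensorrt installed and a GPU present
    runtime = trt.Runtime(trt.Logger(trt.Logger.WARNING))
    return runtime.deserialize_cuda_engine  # returns None if TensorRT rejects the bytes


def demo() -> Dict[str, object]:
    """Constructed inputs: a 'known' blob and an unknown blob; a fake deserializer records calls."""
    seen = []

    def fake_deserialize(b: bytes) -> int:
        seen.append(b)
        return len(b)

    known = b"CONSTRUCTED-KNOWN-GOOD-ENGINE"      # constructed, stands in for a built engine
    crafted = b"CONSTRUCTED-CRAFTED-ENGINE"       # constructed, stands in for safe_trt_crash.trt
    allowlist = {"demo-engine": sha256_bytes(known)}
    results: Dict[str, object] = {
        "unchecked_crafted": load_engine_unchecked(crafted, fake_deserialize),
        "pinned_known": load_engine_pinned(known, allowlist, fake_deserialize),
    }
    try:
        load_engine_pinned(crafted, allowlist, fake_deserialize)
        results["pinned_crafted"] = "deserialized"
    except UntrustedEngineError:
        results["pinned_crafted"] = "refused"
    results["deserializer_calls"] = len(seen)
    return results


if __name__ == "__main__":
    print(demo())
```

To use the gate against a real runtime, pass `trt_deserializer()` as the `deserialize` argument; the allowlist should be produced at engine build time and stored separately from the engine files it vouches for.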

### Out-of-Scope Use

- This PoC is **not a machine learning model** and should not be used for training, inference, or production ML pipelines.  
- Should not be executed in production environments or on any host that is not isolated.  

## Bias, Risks, and Limitations

- **Risks:** Triggering the PoC may crash GPUs or expose unsafe execution paths.  
- **Limitations:** Only tested with TensorRT 10.13.3.9 on CUDA 13.x and Python 3.13.  
- Users should run in isolated virtual environments.  

### Recommendations

- Always run in a **sandboxed GPU environment**.  
- Use the provided safe wrapper for triage and bug bounty submissions.  

## How to Get Started with the PoC

1. Create and activate a Python virtual environment and install TensorRT:

```bash
python3 -m venv lilith_venv
source lilith_venv/bin/activate
pip install tensorrt
```

2. Run the PoC against the bundled engine file:

```bash
python poc_trt_rce.py
```

`poc_trt_rce.py` reads `safe_trt_crash.trt` and hands it to the runtime:

```python
import tensorrt as trt

# Read the crafted engine file as raw bytes.
with open("safe_trt_crash.trt", "rb") as f:
    engine_data = f.read()

runtime = trt.Runtime(trt.Logger(trt.Logger.WARNING))

try:
    # deserialize_cuda_engine returns None when TensorRT rejects the engine;
    # the PoC expects this file to be rejected or to crash the deserializer.
    engine = runtime.deserialize_cuda_engine(engine_data)
    if engine:
        print("[!] Deserialization succeeded (unexpected)")
    else:
        print("[TRT] Engine rejected: deserialize_cuda_engine returned None")
except Exception as e:
    print("[TRT] Error during deserialization:", e)
```
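Running the script above in-process means a native crash in the deserializer takes the whole interpreter with it and leaves nothing to triage. The harness below is an added example, not part of this repository: it runs the loader in a child process under a timeout and classifies the outcome from the exit status (clean rejection, Python exception, death by signal, hang). The child needs `tensorrt` and a GPU; the harness itself does not. The exit-code convention, the `LOADER_SCRIPT` body and the POSIX-only signal handling are assumptions made for this example.

```python
"""Out-of-process triage harness for the TensorRT deserialization PoC.

Added example, not part of the PoC repository. The loader runs in a child
process with a timeout and the parent classifies how it ended. Assumes a
POSIX host (death-by-signal is reported as a negative return code).
"""
import signal
import subprocess
import sys
import time
from dataclasses import dataclass
from typing import List, Optional, Tuple

PYTHON = sys.executable

# Exit codes the child uses to report what deserialize_cuda_engine did (assumed convention).
EXIT_LOADED, EXIT_REJECTED, EXIT_EXCEPTION, EXIT_NO_TRT = 0, 2, 3, 4

# Minimal loader run under `python -c`; argv[1] is the engine path.
LOADER_SCRIPT = r"""
import sys
try:
    import tensorrt as trt
except ImportError:
    sys.exit(4)
with open(sys.argv[1], "rb") as f:
    data = f.read()
runtime = trt.Runtime(trt.Logger(trt.Logger.ERROR))
try:
    engine = runtime.deserialize_cuda_engine(data)
except Exception as exc:
    print("exception:", exc, file=sys.stderr)
    sys.exit(3)
sys.exit(0 if engine is not None else 2)
"""


@dataclass
class TriageResult:
    outcome: str                # loaded | rejected | exception | crashed | timeout | no-tensorrt | unknown
    returncode: Optional[int]   # None when the child was killed on timeout
    signal_name: Optional[str]  # e.g. SIGSEGV when the child died to a signal
    elapsed_s: float
    stderr_tail: str


def classify(returncode: Optional[int], timed_out: bool) -> Tuple[str, Optional[str]]:
    """Map a child's exit status to a triage outcome and optional signal name."""
    if timed_out:
        return "timeout", None
    if returncode is None:
        return "unknown", None
    if returncode < 0:
        # POSIX: subprocess reports death-by-signal as -signum.
        try:
            name = signal.Signals(-returncode).name
        except ValueError:
            name = f"SIG{-returncode}"
        return "crashed", name
    names = {EXIT_LOADED: "loaded", EXIT_REJECTED: "rejected",
             EXIT_EXCEPTION: "exception", EXIT_NO_TRT: "no-tensorrt"}
    return names.get(returncode, "unknown"), None


def triage(argv: List[str], timeout_s: float = 60.0) -> TriageResult:
    """Run argv in a child process and classify how it ended."""
    start = time.monotonic()
    timed_out, returncode, stderr = False, None, ""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout_s)
        returncode, stderr = proc.returncode, proc.stderr
    except subprocess.TimeoutExpired as exc:
        # subprocess.run has already killed the child; its partial stderr may be bytes.
        timed_out = True
        raw = exc.stderr or b""
        stderr = raw.decode(errors="replace") if isinstance(raw, bytes) else raw
    outcome, sig = classify(returncode, timed_out)
    return TriageResult(outcome, returncode, sig, time.monotonic() - start, stderr[-500:])


def triage_engine(engine_path: str, timeout_s: float = 60.0) -> TriageResult:
    """Deserialize engine_path in a throwaway child and report the outcome.

    A GPU-level fault does not always kill the host process; check dmesg and
    nvidia-smi alongside this result, especially when the outcome is 'loaded'.
    """
    return triage([PYTHON, "-c", LOADER_SCRIPT, engine_path], timeout_s)


if __name__ == "__main__":
    print(triage_engine(sys.argv[1] if len(sys.argv) > 1 else "safe_trt_crash.trt"))
```

Run it as `python triage.py safe_trt_crash.trt` inside the sandboxed GPU environment; a `crashed` outcome with a signal name is what a bug bounty submission needs alongside the engine file, whereas `rejected` means TensorRT refused the engine without faulting.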
## Environment Details

- **OS:** Ubuntu 22.04  
- **Python:** 3.13  
- **CUDA:** 13.x  
- **TensorRT:** 10.13.3.9  
- **Hardware:** NVIDIA GPU (required for runtime deserialization)  

## Technical Specifications

- **Objective:** Demonstrate unsafe deserialization in TensorRT engines for security research.  
- **PoC Language:** Python  
- **Serialized Engine File:** `safe_trt_crash.trt`  

## Citation

Use this repository reference when citing in security reports or bug bounty submissions.

**BibTeX:**

```bibtex
@misc{LilithAdam5_2025_tensorrt,
  title={tensorrt-deserialization-poc},
  author={ZEUS},
  year={2025},
  howpublished={Hugging Face Hub},
  url={https://huggingface.co/LilithAdam5/tensorrt-deserialization-poc}
}
```

**APA:**

ZEUS. (2025). *tensorrt-deserialization-poc*. Hugging Face Hub. https://huggingface.co/LilithAdam5/tensorrt-deserialization-poc

## Model Card Authors

- ZEUS  
- ATHENA  

## Model Card Contact

- **Email:** [optional]  
- **GitHub / Hugging Face:** LilithAdam5  