---
license: apache-2.0
---

# Model Card for tensorrt-deserialization-poc

This repository contains a **Proof-of-Concept (PoC)** demonstrating unsafe deserialization in NVIDIA TensorRT engines (`IRuntime::deserializeCudaEngine`). The PoC triggers a type hash mismatch that may lead to remote code execution or a GPU crash. This card documents the PoC, its environment, and usage instructions for security research and bug bounty submissions.

## Model Details

### Model Description

- **Developed by:** ZEUS / ATHENA
- **Shared by:** ZEUS
- **Model type:** Security PoC / Exploit Demonstration
- **Language(s) (NLP):** Python
- **License:** Apache 2.0
- **Finetuned from model [optional]:** N/A

### Model Sources

- **Repository:** [tensorrt-deserialization-poc](https://huggingface.co/LilithAdam5/tensorrt-deserialization-poc)
- **Paper [optional]:** N/A
- **Demo [optional]:** N/A

## Uses

### Direct Use

This PoC is intended for **security researchers and bug bounty programs** to safely reproduce the unsafe deserialization behavior in TensorRT.

### Downstream Use

- Could be integrated into internal security testing pipelines to validate TensorRT engine safety.
- Not intended for production use; execution may crash GPUs or systems if misused.

### Out-of-Scope Use

- This PoC is **not a machine learning model** and should not be used for training, inference, or production ML pipelines.
- Should not be executed in non-isolated production environments.

## Bias, Risks, and Limitations

- **Risks:** Triggering the PoC may crash GPUs or expose unsafe execution paths.
- **Limitations:** Only tested with TensorRT 10.13.3.9 on CUDA 13.x and Python 3.13.
- Users should run it in an isolated virtual environment.

### Recommendations

- Always run in a **sandboxed GPU environment**.
- Use the provided safe wrapper for triage and bug bounty submissions.

## How to Get Started with the PoC

1. Create and activate a Python virtual environment:

   ```bash
   python3 -m venv lilith_venv
   source lilith_venv/bin/activate
   ```

2. Install TensorRT into the environment:

   ```bash
   pip install tensorrt
   ```

3. Run the PoC script:

   ```bash
   python poc_trt_rce.py
   ```

The PoC script itself reads the serialized engine and hands it to the TensorRT runtime:

```python
import tensorrt as trt

# Read the crafted engine file shipped with this PoC.
with open("safe_trt_crash.trt", "rb") as f:
    engine_data = f.read()

runtime = trt.Runtime(trt.Logger(trt.Logger.WARNING))
try:
    # deserialize_cuda_engine returns None (and logs an error) when the
    # runtime rejects an engine; an exception or a process crash is the
    # outcome this PoC is probing for.
    engine = runtime.deserialize_cuda_engine(engine_data)
    if engine:
        print("[!] Deserialization succeeded (unexpected)")
    else:
        print("[TRT] Deserialization returned None")
except Exception as e:
    print("[TRT] Error during deserialization:", e)
```

## Environment Details

- OS: Ubuntu 22.04
- Python: 3.13
- CUDA: 13.x
- TensorRT: 10.13.3.9
- Hardware: NVIDIA GPU (for runtime deserialization)

## Technical Specifications

- Objective: Demonstrate unsafe deserialization in TensorRT engines for security research.
- PoC Language: Python
- Serialized Engine File: `safe_trt_crash.trt`

## Citation

Use this repository reference when citing in security reports or bug bounty submissions:

**BibTeX:**

```bibtex
@misc{LilithAdam5_2025_tensorrt,
  title={tensorrt-deserialization-poc},
  author={ZEUS},
  year={2025},
  howpublished={Hugging Face Hub},
  url={https://huggingface.co/LilithAdam5/tensorrt-deserialization-poc}
}
```

**APA:**

ZEUS. (2025). tensorrt-deserialization-poc. Hugging Face Hub. https://huggingface.co/LilithAdam5/tensorrt-deserialization-poc

## Model Card Authors

- ZEUS
- ATHENA

## Model Card Contact

- Email: [optional]
- GitHub / Hugging Face: LilithAdam5
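A defensive loader in the spirit of the "safe wrapper" recommended above, added here as an example that is not part of this repository's code: it refuses engine files whose SHA-256 is not pinned in an allowlist, and performs the deserialization in a child process so an abort inside `deserialize_cuda_engine` ends the child rather than the calling process. `SAMPLE_BYTES`, `demo()` and the allowlist contents are constructed for illustration; `tensorrt` is only imported inside the child.

```python
import hashlib
import os
import subprocess
import sys
import tempfile

SAMPLE_BYTES = b"constructed sample, not a real TensorRT engine"  # constructed input


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    with open(path, "rb") as f:
        return sha256_bytes(f.read())


# Child-process body: the only place tensorrt is imported, so a crash is contained.
_CHILD = (
    "import sys, tensorrt as trt\n"
    "data = open(sys.argv[1], 'rb').read()\n"
    "rt = trt.Runtime(trt.Logger(trt.Logger.WARNING))\n"
    "sys.exit(0 if rt.deserialize_cuda_engine(data) is not None else 2)\n"
)


def load_engine_isolated(path: str, allowlist: set, timeout: float = 60.0) -> dict:
    """Reject unpinned engines; otherwise deserialize in a child and return a triage record."""
    digest = sha256_file(path)
    if digest not in allowlist:
        return {"status": "rejected", "digest": digest}
    try:
        proc = subprocess.run([sys.executable, "-c", _CHILD, path],
                              capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return {"status": "timeout", "digest": digest}
    if proc.returncode == 0:
        return {"status": "ok", "digest": digest}
    # A negative return code means the child died from a signal (SIGSEGV, SIGABRT).
    status = "crashed" if proc.returncode < 0 else "error"
    return {"status": status, "returncode": proc.returncode,
            "stderr": proc.stderr[-400:], "digest": digest}


def demo() -> dict:
    """Run the loader once with an empty allowlist and once with the sample pinned."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.trt")
        with open(path, "wb") as f:
            f.write(SAMPLE_BYTES)
        rejected = load_engine_isolated(path, set())
        trusted = load_engine_isolated(path, {sha256_bytes(SAMPLE_BYTES)}, timeout=30)
    return {"rejected": rejected, "trusted": trusted}
```

On a host without TensorRT the pinned run reports `error` (the child cannot import `tensorrt`); with TensorRT installed it reports `ok`, `error` or `crashed` depending on how the runtime handles the file.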