Hugging Face's logo

hacnho
/
tensorrt-efficientnms-tftrt-explicit-bypass-poc

TensorRT
security
huntr
efficientnms
tftrt
proof-of-concept
Model card Files
xet
 Community

TensorRT EfficientNMS_Explicit_TF_TRT negative-score PoC

This repository contains a bounded TensorRT proof-of-concept showing that the TF-TRT compatibility plugin EfficientNMS_Explicit_TF_TRT accepts a negative score_threshold through its official creator fields and preserves that state into a built .engine file.

Primary artifacts:

control.engine
neg_score.engine

The control.engine artifact is built from a valid EfficientNMS_Explicit_TF_TRT parameter block with:

score_threshold = 0.5
iou_threshold   = 0.5

The neg_score.engine artifact is built from the same public creator surface, but with:

score_threshold = -1.0

The verifier demonstrates a stable change in num_detections:

  • control engine:
    • all_zero -> 0
    • mixed_scores -> 1
    • all_negative -> 0
  • neg_score.engine:
    • all_zero -> 4
    • mixed_scores -> 4
    • all_negative -> 4

Under the all_negative preset, the malicious engine still returns 4 detections even though every candidate score is already negative, and the copied output scores preserve the negative values.

This is a bounded output-manipulation signal, not a code-execution claim.

Files

  • control.engine
    • valid TensorRT engine built from a valid EfficientNMS_Explicit_TF_TRT payload
  • neg_score.engine
    • TensorRT engine built from official creator fields with score_threshold=-1.0
  • verify_tftrt_explicit_remote.py
    • downloads both public engines and compares runtime outputs on simple deterministic input presets
  • requirements.txt
    • minimal Python dependency list
  • SHA256SUMS.txt
    • file hashes for the published pack

Reproduce

Environment requirements:

  • Linux x86_64
  • NVIDIA GPU
  • TensorRT Python package compatible with the published engines
  • CUDA runtime available as libcudart.so

Set up a clean environment:

python3 -m venv /tmp/trt-efficientnms-explicit-poc
/tmp/trt-efficientnms-explicit-poc/bin/python -m pip install --upgrade pip
/tmp/trt-efficientnms-explicit-poc/bin/python -m pip install -r requirements.txt

Run the verifier:

/tmp/trt-efficientnms-explicit-poc/bin/python verify_tftrt_explicit_remote.py

Expected result:

  • both engines download successfully
  • both engines deserialize and execute
  • the returned JSON shows:
    • control num_detections = 0/1/0
    • neg_score num_detections = 4/4/4

Notes

  • This pack is a benign security research PoC for triage.
  • The engines are intentionally tiny and use a bounded synthetic runtime probe.
  • This lane is distinct from the already-self-open base EfficientNMS_TRT report because the TF-TRT explicit creator path does not validate score_threshold >= 0 before building the engine.
Downloads last month
-
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support