Hugging Face's logo

hacnho
/
tensorrt-efficientnms-tftrt-implicit-bypass-poc

TensorRT
security
huntr
efficientnms
tftrt
implicit-batch
proof-of-concept
Model card Files
xet
 Community

TensorRT EfficientNMS_Implicit_TF_TRT negative-score PoC

This repository contains a bounded TensorRT proof-of-concept showing that the TF-TRT compatibility plugin EfficientNMS_Implicit_TF_TRT accepts a negative score_threshold through its serialized plugin state and preserves that state into a built .engine file.

Primary artifacts:

control.engine
neg_score.engine

The control.engine artifact is built from a valid EfficientNMS_Implicit_TF_TRT parameter block with:

score_threshold = 0.5
iou_threshold   = 0.5

The neg_score.engine artifact is built from the same plugin type and shape contract, but with:

score_threshold = -0.25

The verifier demonstrates a stable change in per-sample num_detections:

  • control engine:
    • all_negative -> [0,0,0,0]
    • mixed_scores -> [1,0,0,0]
    • all_zero -> [0,0,0,0]
  • neg_score.engine:
    • all_negative -> [1,1,1,1]
    • mixed_scores -> [1,1,1,1]
    • all_zero -> [1,1,1,1]

Under the all_negative preset, the malicious engine still returns detections even though every candidate score is already negative, and the copied output score buffer preserves the negative values.

This is a bounded output-manipulation signal, not a code-execution claim.

Files

  • control.engine
    • valid TensorRT engine built from a valid EfficientNMS_Implicit_TF_TRT payload
  • neg_score.engine
    • TensorRT engine built from the same minimal shape contract with score_threshold=-0.25
  • verify_tftrt_implicit_remote.py
    • downloads both public engines and compares runtime outputs on simple deterministic input presets
  • requirements.txt
    • minimal Python dependency list

Reproduce

Environment requirements:

  • Linux x86_64
  • NVIDIA GPU
  • TensorRT Python package compatible with the published engines
  • CUDA runtime available as libcudart.so

Set up a clean environment:

python3 -m venv /tmp/trt-efficientnms-implicit-poc
/tmp/trt-efficientnms-implicit-poc/bin/python -m pip install --upgrade pip
/tmp/trt-efficientnms-implicit-poc/bin/python -m pip install -r requirements.txt

Run the verifier:

/tmp/trt-efficientnms-implicit-poc/bin/python verify_tftrt_implicit_remote.py

Expected result:

  • both engines download successfully
  • both engines deserialize and execute
  • the returned JSON shows:
    • control num_detections = [0,0,0,0] / [1,0,0,0] / [0,0,0,0]
    • neg_score num_detections = [1,1,1,1] / [1,1,1,1] / [1,1,1,1]

Notes

  • This pack is a benign security research PoC for triage.
  • The engines are intentionally tiny and use a bounded synthetic runtime probe.
  • This lane is distinct from the already-submitted EfficientNMS_Explicit_TF_TRT branch because the implicit TF-TRT plugin uses a different plugin type and a different legacy input-shape contract.
Downloads last month
-
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support