TensorRT EfficientNMS validation-bypass PoC

This repository contains a bounded TensorRT proof-of-concept showing that a handcrafted non-empty serialized EfficientNMS_TRT payload can bypass the creator-side scoreThreshold >= 0 invariant and survive into a built engine.

Primary artifacts:

control.engine
neg_score.engine

The control.engine artifact is built from a valid serialized EfficientNMS parameter block.

The neg_score.engine artifact is built from an invalid serialized EfficientNMS parameter block where:

scoreThreshold = -1.0

The key runtime effect demonstrated by the verifier is a stable change in num_detections:

  • control.engine:
    • all_zero -> 0
    • one_high_score -> 1
    • mixed_scores -> 1
    • all_negative -> 0
  • neg_score.engine:
    • all_zero -> 4
    • one_high_score -> 4
    • mixed_scores -> 4
    • all_negative -> 4

Under the all_negative preset, the malicious engine still returns 4 detections even though every candidate score is already below zero, and the copied output scores preserve the negative values.

This is a bounded output-manipulation signal, not a claim of code execution.
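
Why a negative threshold produces these counts, and how a consumer of the outputs can notice it, shown as an added example (not code from this repository or from TensorRT). It models only the score-threshold stage, with no IoU suppression; the control threshold of 0.5, the preset score values and the function names are assumptions made for illustration.

```python
# Added illustration: simplified model of the score-threshold stage only.
# Boxes are assumed not to overlap, so no IoU suppression is modelled.

CONTROL_THRESHOLD = 0.5     # assumption: the page does not state the control value
TAMPERED_THRESHOLD = -1.0   # value the page gives for neg_score.engine

# Constructed sample scores named after the page's presets; the verifier's
# real input values are not shown on the page.
PRESETS = {
    "all_zero": [0.0, 0.0, 0.0, 0.0],
    "one_high_score": [0.9, 0.0, 0.0, 0.0],
    "mixed_scores": [0.9, 0.2, 0.1, 0.3],
    "all_negative": [-0.1, -0.2, -0.3, -0.4],
}


def score_filter(scores, threshold):
    """Return the candidate scores that pass the threshold, highest first."""
    return sorted((s for s in scores if s > threshold), reverse=True)


def audit_output(num_detections, det_scores, configured_threshold):
    """Consumer-side check: every returned detection must meet the threshold
    the deployer configured. Returns a list of findings (empty means clean)."""
    findings = []
    for i, score in enumerate(det_scores[:num_detections]):
        if score < configured_threshold:
            findings.append(f"detection {i}: score {score} < {configured_threshold}")
    return findings


def run(engine_threshold, configured_threshold=CONTROL_THRESHOLD):
    """Map preset name -> (num_detections, findings) for one engine threshold."""
    results = {}
    for name, scores in PRESETS.items():
        kept = score_filter(scores, engine_threshold)
        results[name] = (len(kept), audit_output(len(kept), kept, configured_threshold))
    return results


if __name__ == "__main__":
    for label, thr in (("control", CONTROL_THRESHOLD), ("neg_score", TAMPERED_THRESHOLD)):
        for name, (count, findings) in run(thr).items():
            print(f"{label:9s} {name:15s} num_detections={count} findings={len(findings)}")
```

The audit does not depend on inspecting the engine file: it compares returned scores against the threshold the deployment intended, so it also flags the presets where no score is negative.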

Files

  • control.engine
    • valid TensorRT engine built from a valid EfficientNMS_TRT payload
  • neg_score.engine
    • TensorRT engine built from a serialized payload with scoreThreshold=-1.0
  • verify_efficientnms_remote.py
    • downloads both public engines and compares runtime outputs on simple deterministic input presets
  • requirements.txt
    • minimal Python dependency list
  • SHA256SUMS.txt
    • file hashes for the published pack

Reproduce

Environment requirements:

  • Linux x86_64
  • NVIDIA GPU
  • TensorRT Python package compatible with the published engines
  • CUDA runtime available as libcudart.so

Set up a clean environment:

python3 -m venv /tmp/trt-efficientnms-poc
/tmp/trt-efficientnms-poc/bin/python -m pip install --upgrade pip
/tmp/trt-efficientnms-poc/bin/python -m pip install -r requirements.txt

Run the verifier:

/tmp/trt-efficientnms-poc/bin/python verify_efficientnms_remote.py

Expected result:

  • both engines download successfully
  • both engines deserialize and execute
  • the returned JSON shows:
    • control num_detections = 0/1/1/0
    • neg_score num_detections = 4/4/4/4

Notes

  • This pack is a benign research PoC for security triage.
  • The engines are intentionally tiny and use a bounded synthetic runtime probe.
  • The public HF scan state for this repo should be checked separately after upload via the Hugging Face scan API.