Instructions to use hacnho/tensorrt-multilevelcrop-threshold-bypass-poc with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- TensorRT
How to use hacnho/tensorrt-multilevelcrop-threshold-bypass-poc with TensorRT:
# No code snippets available yet for this library. # To use this model, check the repository files and the library's documentation. # Want to help? PRs adding snippets are welcome at: # https://github.com/huggingface/huggingface.js
- Notebooks
- Google Colab
- Kaggle
TensorRT MultilevelCropAndResize threshold PoC
This public repository contains a benign security research PoC for a TensorRT Model File Vulnerability report.
Files:
control_multilevelcrop.engine: control TensorRT engine with serializedMultilevelCropAndResize_TRT mThresh=12544.0.malicious_threshold_zero.engine: crafted TensorRT engine with serializedMultilevelCropAndResize_TRT mThresh=0.0.reproduce.py: runs both engines through TensorRT inference and prints the output delta.
Tested environment:
- TensorRT
11.1.0.106 - modelscan
0.8.8 - Entry point:
trt.Runtime(logger).deserialize_cuda_engine(...), thenctx.execute_async_v3(0)
Reproduction:
python reproduce.py \
--control control_multilevelcrop.engine \
--malicious malicious_threshold_zero.engine
Expected result:
- Control output prefix:
[10.0, 10.0, 10.0, 10.0, ...] - Malicious output prefix:
[50.0, 50.0, 50.0, 50.0, ...]
The malicious engine silently reroutes ROIAlign sampling from the expected FPN feature level to another feature level while the engine loads and executes.
Scanner result:
modelscan 0.8.8: No issues found
Skipped: Model Scan did not scan file
- Downloads last month
- -
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support