Upload README.md with huggingface_hub
Browse files
README.md
ADDED
|
@@ -0,0 +1,35 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
# TensorRT VULN-003: Inference DoS via Loop(INT64_MAX)
|
| 2 |
+
|
| 3 |
+
## Vulnerability
|
| 4 |
+
|
| 5 |
+
A 338-byte ONNX model with a Loop operator set to INT64_MAX iterations compiles
|
| 6 |
+
to a valid TensorRT engine that hangs indefinitely during inference. No timeout
|
| 7 |
+
mechanism exists in TensorRT's execute_async_v3().
|
| 8 |
+
|
| 9 |
+
## Impact
|
| 10 |
+
|
| 11 |
+
- Permanent denial of service for any TensorRT inference server
|
| 12 |
+
- 338-byte model file causes infinite hang
|
| 13 |
+
- Affects Triton, TensorRT-LLM, any TRT-based pipeline
|
| 14 |
+
|
| 15 |
+
## Files
|
| 16 |
+
|
| 17 |
+
| File | Description |
|
| 18 |
+
|------|-------------|
|
| 19 |
+
| vuln003_loop_dos.py | Main PoC script |
|
| 20 |
+
| dos_loop.onnx | Malicious ONNX model (338 bytes) |
|
| 21 |
+
| dos_loop.engine | Compiled TRT engine (20,252 bytes) |
|
| 22 |
+
|
| 23 |
+
## Reproduction
|
| 24 |
+
|
| 25 |
+
```bash
|
| 26 |
+
pip install tensorrt onnx torch numpy
|
| 27 |
+
python vuln003_loop_dos.py
|
| 28 |
+
```
|
| 29 |
+
|
| 30 |
+
## Results
|
| 31 |
+
|
| 32 |
+
- Normal model inference (10 loop iterations): completes in 0.0s
|
| 33 |
+
- DoS model inference (INT64_MAX iterations): hangs indefinitely
|
| 34 |
+
- At 1 billion iterations/sec, would take 292 years to complete
|
| 35 |
+
- No timeout, no warning, no error — must kill the process
|