Model Card for tensorrt-deserialization-poc
This repository contains a Proof-of-Concept (PoC) demonstrating unsafe deserialization in NVIDIA TensorRT engines (IRuntime::deserializeCudaEngine). The PoC triggers a type hash mismatch that may lead to remote code execution or GPU crash. This card documents the PoC, environment, and usage instructions for security research and bug bounty submissions.
Model Details
Model Description
- Developed by: ZEUS / ATHENA
- Shared by: ZEUS
- Model type: Security PoC / Exploit Demonstration
- Language(s) (NLP): Python
- License: Apache 2.0
- Finetuned from model [optional]: N/A
Model Sources
- Repository: tensorrt-deserialization-poc
- Paper [optional]: N/A
- Demo [optional]: N/A
Uses
Direct Use
This PoC is intended for security researchers and bug bounty programs to safely reproduce the unsafe deserialization behavior in TensorRT.
Downstream Use
- Could be integrated into internal security testing pipelines to validate TensorRT engine safety.
- Not intended for production use; execution may crash GPUs or systems if misused.
Out-of-Scope Use
- This PoC is not a machine learning model and should not be used for training, inference, or production ML pipelines.
- Should not be executed in non-isolated production environments.
Bias, Risks, and Limitations
- Risks: Triggering the PoC may crash GPUs or expose unsafe execution paths.
- Limitations: Only tested with TensorRT 10.13.3.9 on CUDA 13.x and Python 3.13.
- Users should run in isolated virtual environments.
Recommendations
- Always run in a sandboxed GPU environment.
- Use the provided safe wrapper for triage and bug bounty submissions.
How to Get Started with the PoC
- Create and activate a Python virtual environment:
  python3 -m venv lilith_venv
  source lilith_venv/bin/activate
- Install TensorRT and run the PoC:
  pip install tensorrt
  python poc_trt_rce.py
- The PoC script does the following:
import tensorrt as trt

# Read the serialized engine bytes from the PoC engine file.
with open("safe_trt_crash.trt", "rb") as f:
    engine_data = f.read()

runtime = trt.Runtime(trt.Logger(trt.Logger.WARNING))
try:
    # deserialize_cuda_engine returns None when TensorRT rejects the blob;
    # the PoC expects rejection (type hash mismatch), so success is "unexpected".
    engine = runtime.deserialize_cuda_engine(engine_data)
    if engine:
        print("[!] Deserialization succeeded (unexpected)")
except Exception as e:
    print("[TRT] Error during deserialization:", e)
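Added example (not the repository's own wrapper): a defender-side loader that only hands engine files whose SHA-256 is pinned to deserialize_cuda_engine, and runs the deserialization in a child process with a timeout so a GPU crash or hang in TensorRT cannot take down the calling service. The allowlist digests, the file path and the exit-code convention are assumptions made for this example.

```python
import hashlib
import hmac
import subprocess
import sys

# Child-side script (constructed for this example). Exit codes: 0 engine loaded,
# 2 TensorRT rejected the blob, 3 TensorRT not importable. A native crash in the
# child shows up in the parent as a negative returncode (the killing signal).
CHILD = r"""
import sys
try:
    import tensorrt as trt
except Exception:
    sys.exit(3)
data = open(sys.argv[1], "rb").read()
runtime = trt.Runtime(trt.Logger(trt.Logger.WARNING))
try:
    engine = runtime.deserialize_cuda_engine(data)
except Exception:
    engine = None
sys.exit(0 if engine is not None else 2)
"""

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def digest_allowed(path, allowlist):
    """True only if the file's SHA-256 matches an operator-pinned digest (constant-time compare)."""
    digest = sha256_file(path)
    return any(hmac.compare_digest(digest, d) for d in allowlist)

def classify_exit(returncode):
    """Map the child's exit status to a triage verdict."""
    named = {0: "loaded", 2: "rejected", 3: "no-tensorrt"}
    return named.get(returncode, "crashed" if returncode < 0 else "error")

def load_engine_isolated(path, allowlist, timeout=30):
    """Refuse unpinned files outright; otherwise deserialize in a child with a timeout."""
    if not digest_allowed(path, allowlist):
        return "unpinned"
    try:
        proc = subprocess.run([sys.executable, "-c", CHILD, path], timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"
    return classify_exit(proc.returncode)
```

A "crashed" or "timeout" verdict for a pinned file is itself a finding worth recording during triage, since a well-formed engine should either load or be cleanly rejected.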
Environment Details
OS: Ubuntu 22.04
Python: 3.13
CUDA: 13.x
TensorRT: 10.13.3.9
Hardware: NVIDIA GPU (for runtime deserialization)
Technical Specifications
Objective: Demonstrate unsafe deserialization in TensorRT engines for security research.
PoC Language: Python
Serialized Engine File: safe_trt_crash.trt
Citation
Use this repository reference when citing in security reports or bug bounty submissions:
BibTeX:
@misc{LilithAdam5_2025_tensorrt,
title={tensorrt-deserialization-poc},
author={ZEUS},
year={2025},
howpublished={Hugging Face Hub},
url={https://huggingface.co/LilithAdam5/tensorrt-deserialization-poc}
}
APA:
ZEUS. (2025). tensorrt-deserialization-poc. Hugging Face Hub. https://huggingface.co/LilithAdam5/tensorrt-deserialization-poc
Model Card Authors
ZEUS
ATHENA
Model Card Contact
Email: [optional]
GitHub / Hugging Face: LilithAdam5