# TensorRT Engine File RCE PoC

## Vulnerability

Arbitrary code execution via a native shared library (DLL on Windows, .so on Linux) embedded in a TensorRT engine file (.engine/.trt/.plan). The embedded library's constructor (DllMain on Windows, a function marked `__attribute__((constructor))` on Linux) runs automatically when the engine is deserialized with `engine_host_code_allowed=True`, so deserialization alone is enough to execute attacker-controlled code in the loading process.
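As an added defensive example (this is not code from the PoC repository), the script below scans an engine file for embedded PE or ELF headers before it is handed to TensorRT, and loads it only with host code disabled. The header scan is self-contained and runs offline; the loader assumes the TensorRT 10 Python bindings, where `engine_host_code_allowed` (the setting named on this page) is a property of `trt.Runtime`, which you should confirm against your installed version. The engine byte strings in `constructed_samples()` are constructed for the demonstration, not real engines.

```python
"""Pre-deserialization check for native code embedded in TensorRT engine files."""
import re
import sys

# Magic bytes of the two native library formats a malicious engine can carry:
# PE/COFF (Windows DLL) begins with "MZ"; ELF (Linux .so) begins with 0x7f "ELF".
_PE_MAGIC = b"MZ"
_PE_SIGNATURE = b"PE\x00\x00"
_ELF_MAGIC = b"\x7fELF"


def find_embedded_native_libraries(data: bytes):
    """Return a sorted list of (offset, format) for every plausible DLL/SO header in data."""
    hits = []
    # ELF: magic followed by a valid class byte (1 = 32-bit, 2 = 64-bit)
    # and a valid data-encoding byte (1 = little-endian, 2 = big-endian).
    for m in re.finditer(re.escape(_ELF_MAGIC), data):
        off = m.start()
        if off + 6 <= len(data) and data[off + 4] in (1, 2) and data[off + 5] in (1, 2):
            hits.append((off, "ELF"))
    # PE: "MZ" DOS stub whose e_lfanew field (offset 0x3c, little-endian uint32)
    # points at a "PE\0\0" signature. Checking e_lfanew filters out random "MZ" pairs.
    for m in re.finditer(re.escape(_PE_MAGIC), data):
        off = m.start()
        if off + 0x40 > len(data):
            continue
        e_lfanew = int.from_bytes(data[off + 0x3c:off + 0x40], "little")
        pe_off = off + e_lfanew
        if 0x40 <= e_lfanew < 0x1000 and data[pe_off:pe_off + 4] == _PE_SIGNATURE:
            hits.append((off, "PE"))
    return sorted(hits)


def reject_if_native_code(data: bytes, name: str) -> bytes:
    """Raise ValueError if the engine bytes contain a native library; otherwise return them."""
    hits = find_embedded_native_libraries(data)
    if hits:
        raise ValueError(f"refusing to deserialize {name}: embedded native code at {hits}")
    return data


def load_engine_without_host_code(path: str):
    """Load an engine with host code disabled, after rejecting embedded DLL/SO payloads."""
    with open(path, "rb") as f:
        data = reject_if_native_code(f.read(), path)
    import tensorrt as trt  # assumption: TensorRT 10 Python bindings are installed
    runtime = trt.Runtime(trt.Logger(trt.Logger.WARNING))
    # Keep the setting named on this page off; this is the documented default in
    # TensorRT 10, and pinning it explicitly guards against a caller enabling it elsewhere.
    runtime.engine_host_code_allowed = False
    return runtime.deserialize_cuda_engine(data)


def constructed_samples():
    """Constructed byte strings standing in for engine files (not real TensorRT engines)."""
    clean = b"TRTENGINE" + bytes(range(256)) * 4            # no native headers inside
    elf_blob = b"\x7fELF\x02\x01\x01" + b"\x00" * 57         # 64-bit little-endian ELF prefix
    pe_blob = (b"MZ" + b"\x00" * 0x3a                        # DOS header up to e_lfanew
               + (0x40).to_bytes(4, "little")                # e_lfanew -> 0x40
               + _PE_SIGNATURE + b"\x00" * 20)               # "PE\0\0" then padding
    return clean, clean + elf_blob, clean + pe_blob + elf_blob


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_engine.py <engine file>")
    with open(sys.argv[1], "rb") as fh:
        print(find_embedded_native_libraries(fh.read()) or "no embedded native libraries found")
```

The magic-byte scan is a heuristic: it catches the straightforward case of a raw DLL or .so appended to or embedded in the engine, but not a payload that is compressed or encoded and unpacked at load time. The control that actually closes the hole is keeping `engine_host_code_allowed` off and loading engine files only from sources you trust; the scan is a cheap second check to run before deserialization.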
## Files

| File | Description |
|---|---|
| malicious_model.engine | Crafted TensorRT engine with embedded malicious DLL |
| malicious_plugin.c | Source code of the malicious plugin |
| build_poc.py | Script to build the malicious engine |
| load_poc.py | Script to load the engine and trigger RCE |
## Reproduction

### Prerequisites

- NVIDIA GPU with CUDA drivers
- TensorRT 8.6+ (`pip install tensorrt`)
- C compiler (MSVC on Windows, GCC on Linux)
### Steps

```bash
# 1. Build the malicious engine (or use the pre-built malicious_model.engine)
python build_poc.py

# 2. Load the engine: triggers arbitrary code execution
python load_poc.py evidence/malicious_model.engine

# 3. Verify code execution
# Windows: check C:\temp\tensorrt_rce_poc.txt
# Linux: check /tmp/tensorrt_rce_poc
```
### Expected Output

```
[!] TensorRT RCE PoC: Arbitrary code executed via embedded plugin!
[!] Proof written to tensorrt_rce_poc.txt
[!] PID: <process_id>
[!!!] CODE EXECUTION CONFIRMED: C:\temp\tensorrt_rce_poc.txt
```
## Tested Environment

- Windows 10/11, NVIDIA RTX 4080 Super
- CUDA 13.0, TensorRT 10.15.1.29
- Python 3.12