NVIDIA Security Update: Vulnerability in Triton Inference Server

NVIDIA has released a security update addressing a critical vulnerability (CVE-2023-31036) in the Triton Inference Server for both Linux and Windows platforms. This vulnerability allows for a relative path traversal when the server is launched with the non-default command line option –model-control explicit. As a result, attackers may exploit this to achieve code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The severity is rated as “High” with a base score of 7.5 according to CVSS v3.1 standards. However, it’s important to note that this vulnerability affects only non-default deployments using specific command line options.

The security update, included in version 2.40, addresses this vulnerability by providing the ability to restrict the HTTP endpoint of the model load API and preventing access to directories outside the model directory. Additionally, a Secure Deployment Considerations Guide has been made available to aid users in implementing best practices when deploying Triton-based solutions.

NVIDIA encourages affected users to update to version 2.40 and emphasizes that default deployments are not affected. The company also acknowledges l1k3beef @ tencent-zhuquelab for reporting the issue.

For more details and to stay updated on NVIDIA product security, users can visit the NVIDIA Product Security page. Finally, users are advised to contact NVIDIA Support for any questions regarding this security bulletin.

Original Security Bulletin