CVE-2023-31036: 
Triton Inference Server vulnerability analysis and mitigation

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability (CVE-2023-31036) discovered in December 2023. The vulnerability exists when the server is launched with the non-default command line option --model-control explicit, allowing an attacker to use the model load API to cause a relative path traversal. This vulnerability affects all versions prior to 2.40 of the Triton Inference Server (NVIDIA Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. It is classified under CWE-23 (Relative Path Traversal) and CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The vulnerability specifically affects deployments that enable dynamic model loading through the model control APIs using the --model-control explicit command line option (NVIDIA Advisory).

A successful exploitation of this vulnerability can lead to multiple severe consequences including code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The vulnerability is particularly concerning for organizations using non-default deployments of the Triton Inference Server (NVIDIA Advisory, SecurityWeek).

NVIDIA has released version 2.40 of the Triton Inference Server to address this vulnerability. The update includes two key security improvements: the ability to restrict the HTTP endpoint of the model load API and prevention of the model load API from accessing directories outside the model directory. These updates were made available in the development branch on November 10, 2023, and in the release branch on December 4, 2023. Organizations are advised to install the latest release from the Triton Inference Server Releases page on GitHub and review the Secure Deployment Considerations Guide (NVIDIA Advisory).