Preface: A design limitation has been discovered in the ONNX quantization function of the NVIDIA model optimizer for Windows and Linux. However, confusingly, the ONXY function appears to only work on Windows/RTX (not Linux). What is the actual design limitation?

A sophisticated technical question. The confusion often stems from the fact that while ONNX is the primary deployment format for Windows/RTX, the quantization process (where the vulnerability often lies) frequently occurs on Linux development servers.

Background: Why does the vulnerability affect both Linux and Windows?

Although ONNX is the target format for Windows AI PC applications, the NVIDIA Model Optimizer (ModelOpt) library is cross-platform.

*Linux as the “Factory”: Most developers use powerful Linux servers (with A100/H100 GPUs) to run the ModelOpt quantization scripts. They generate the optimized ONNX model on Linux and then “ship” it to Windows clients. Therefore, the vulnerability exists in the Linux-based conversion tools.

Vulnerability details: NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deserialization by providing a specially crafted input file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. (Initial release – March 24, 2026)

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5798