CVE-2026-24148

HIGH

NVIDIA Jetson Xavier Series and Jetson Orin Series < 35.6.4 - Insecure Default Resource Initialization

Title source: llm

Description

NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.

References (3)

Core 3

Core References

https://nvd.nist.gov/vuln/detail/CVE-2026-24148

https://www.cve.org/CVERecord?id=CVE-2026-24148

https://nvidia.custhelp.com/app/answers/detail/a_id/5797

Scores

CVSS v3 8.3

EPSS 0.0035

EPSS Percentile 26.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1188

Status published

Products (3)

NVIDIA/Jetson Xavier Series and Jetson Orin Series All versions prior to 35.6.4

NVIDIA/Jetson Xavier Series and Jetson Orin Series All versions prior to 36.5

nvidia/jetson_linux < 35.6.4

Published Mar 31, 2026

Tracked Since Mar 31, 2026