CVE-2026-24148
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/03/2026
Last modified:
03/04/2026
Description
NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.
Impact
Base Score 3.x
8.30
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:* | 35.6.4 (excluding) | |
| cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:* | 36.0 (including) | 36.5 (excluding) |
| cpe:2.3:h:nvidia:jetson_agx_orin_32gb:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nvidia:jetson_agx_orin_64gb:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nvidia:jetson_agx_orin_developer_kit:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nvidia:jetson_agx_orin_industrial:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nvidia:jetson_agx_xavier_64gb:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nvidia:jetson_agx_xavier_industrial:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nvidia:jetson_orin_nano_4gb:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nvidia:jetson_orin_nano_8gb:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nvidia:jetson_orin_nano_super_developer_kit:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nvidia:jetson_orin_nx_16gb:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nvidia:jetson_orin_nx_8gb:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nvidia:jetson_xavier_nx_16gb:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page