CVE-2026-24148
Received Received - Intake
Insecure Initialization Vulnerability in NVIDIA Jetson JetPack Leading to Data Exposure

Publication date: 2026-03-31

Last updated on: 2026-04-03

Assigner: NVIDIA Corporation

Description
NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24148
EUVD
EUVD-2026-17510
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
nvidia jetson_linux to 35.6.4 (exc)
nvidia jetson_linux From 36.0 (inc) to 36.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1188 The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in NVIDIA Jetson's system initialization logic can lead to information disclosure of encrypted data, data tampering, and partial denial of service. Such impacts on confidentiality and integrity could potentially affect compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintaining data integrity.

However, there is no explicit information provided in the available resources about direct effects or assessments related to compliance with these specific standards or regulations.

Executive Summary

CVE-2026-24148 is a vulnerability in the NVIDIA Jetson platform for JetPack, specifically in the system initialization logic.

An unprivileged attacker can exploit this flaw to cause the initialization of a resource with an insecure default configuration.

This can lead to serious security issues such as disclosure of encrypted data, tampering with data, and partial denial of service affecting devices sharing the same machine ID.

Impact Analysis

Exploiting this vulnerability can result in the unauthorized disclosure of encrypted data, which compromises confidentiality.

It can also allow tampering with data, affecting data integrity.

Additionally, it may cause a partial denial of service on devices that share the same machine ID, impacting availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24148. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart