CVE-2026-24148
Received Received - Intake

Insecure Initialization Vulnerability in NVIDIA Jetson JetPack Leading to Data Exposure

Vulnerability report for CVE-2026-24148, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-31

Last updated on: 2026-04-03

Assigner: NVIDIA Corporation

Description

NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-31
Last Modified
2026-04-03
Generated
2026-07-06
AI Q&A
2026-03-31
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
nvidia jetson_linux to 35.6.4 (exc)
nvidia jetson_linux From 36.0 (inc) to 36.5 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1188 The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability in NVIDIA Jetson's system initialization logic can lead to information disclosure of encrypted data, data tampering, and partial denial of service. Such impacts on confidentiality and integrity could potentially affect compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintaining data integrity.

However, there is no explicit information provided in the available resources about direct effects or assessments related to compliance with these specific standards or regulations.

Executive Summary

CVE-2026-24148 is a vulnerability in the NVIDIA Jetson platform for JetPack, specifically in the system initialization logic.

An unprivileged attacker can exploit this flaw to cause the initialization of a resource with an insecure default configuration.

This can lead to serious security issues such as disclosure of encrypted data, tampering with data, and partial denial of service affecting devices sharing the same machine ID.

Impact Analysis

Exploiting this vulnerability can result in the unauthorized disclosure of encrypted data, which compromises confidentiality.

It can also allow tampering with data, affecting data integrity.

Additionally, it may cause a partial denial of service on devices that share the same machine ID, impacting availability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24148. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart