Executive Summary

CVE-2026-24153 is a vulnerability in NVIDIA Jetson Linux affecting the initrd (initial RAM disk) environment. The issue arises because the nvluks trusted application is not disabled by default. This flaw allows an attacker with physical access and low privileges to potentially cause information disclosure.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to unauthorized disclosure of sensitive information. An attacker with physical access and low privileges could exploit this flaw to gain access to confidential data. The impact is limited to confidentiality, with no effect on integrity or availability.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate CVE-2026-24153, users should install the security update provided by NVIDIA. This update is available via the APT server or the Jetson Download Center.

The vulnerability is fixed in Jetson Linux versions 35.6.4, 36.5, 38.2, and 38.4 for Jetson Xavier Series, Jetson Orin Series, and Jetson Thor platforms. Upgrading to one of these versions or later will address the issue.

Useful 0 Not Useful 0

Compliance Impact

CVE-2026-24153 involves a vulnerability that may lead to information disclosure due to improper handling of the nvluks trusted application in NVIDIA Jetson Linux. Since the vulnerability can result in unauthorized disclosure of sensitive information, it could potentially impact compliance with data protection standards and regulations such as GDPR and HIPAA, which require safeguarding confidential data against unauthorized access.

However, the provided information does not explicitly mention any direct effects or assessments regarding compliance with specific standards or regulations.

Useful 0 Not Useful 0