CVE-2026-24154
Received Received - Intake
Command Injection in NVIDIA Jetson Linux initrd Enables Privilege Escalation

Publication date: 2026-03-31

Last updated on: 2026-04-03

Assigner: NVIDIA Corporation

Description
NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, data tampering, and information disclosure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24154
EUVD
EUVD-2026-17514
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
nvidia jetson_linux to 35.6.4 (exc)
nvidia jetson_linux From 36.0 (inc) to 36.5 (exc)
nvidia jetson_linux 38.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-24154 is a vulnerability in NVIDIA Jetson Linux related to the initial ramdisk (initrd).

It allows an unprivileged attacker with physical access to inject incorrect command line arguments during system initialization.

This vulnerability is classified as an OS Command Injection (CWE-78), meaning special elements used in OS commands are not properly neutralized.

Impact Analysis

Exploiting this vulnerability can lead to severe consequences including code execution, escalation of privileges, denial of service, data tampering, and information disclosure.

The vulnerability has a high impact on confidentiality, integrity, and availability of the affected system.

Compliance Impact

The vulnerability in NVIDIA Jetson Linux allows an unprivileged attacker with physical access to execute code, escalate privileges, cause denial of service, tamper with data, and disclose information. Such impacts on confidentiality, integrity, and availability could potentially lead to non-compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

However, the provided information does not explicitly mention or analyze the direct effects of this vulnerability on compliance with specific standards or regulations.

Detection Guidance

This vulnerability involves an attacker with physical access injecting incorrect command line arguments into the initrd during system initialization on NVIDIA Jetson Linux.

Detection would require physical inspection or verification of the initrd command line arguments and system boot parameters for unauthorized modifications.

No specific detection commands or network-based detection methods are provided in the available information.

Mitigation Strategies

The vulnerability requires physical access to the device, so immediate mitigation steps include restricting physical access to the affected NVIDIA Jetson Linux systems.

Additionally, monitoring and verifying the integrity of the initrd and boot command line arguments can help prevent exploitation.

No specific patches, configuration changes, or commands to mitigate this vulnerability are detailed in the provided information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24154. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart