CVE-2026-24148

CVE	CVE-2026-24148
State	PUBLISHED
Assigner	nvidia
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-03-31 17:16:29 UTC
Updated	2026-04-01 14:24:02 UTC
Description	NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.

Primary CVSS: v3.1 8.3 HIGH from [email protected]

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

EPSS: 0.000360000 probability, percentile 0.106960000 (date 2026-04-01)

Problem Types: CWE-1188 | CWE-1188 CWE-1188 Initialization of a Resource with an Insecure Default

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Secondary	8.3	HIGH	`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L`
3.1	CNA	CVSS	8.3	HIGH	`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L`

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Source	Vendor	Product	Version	Platforms
CNA	NVIDIA	Jetson Xavier Series And Jetson Orin Series	affected All versions prior to 35.6.4	Jetson Linux(35)
CNA	NVIDIA	Jetson Xavier Series And Jetson Orin Series	affected All versions prior to 36.5	Jetson Linux(36)

Reference	Source	Link
nvidia.custhelp.com/app/answers/detail/a_id/5797	[email protected]	nvidia.custhelp.com
www.cve.org/CVERecord	[email protected]	www.cve.org
nvd.nist.gov/vuln/detail/CVE-2026-24148	[email protected]	nvd.nist.gov

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.