CVE-2026-24153

CVE	CVE-2026-24153
State	PUBLISHED
Assigner	nvidia
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-03-31 17:16:30 UTC
Updated	2026-04-01 14:24:02 UTC
Description	NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure.

Primary CVSS: v3.1 5.2 MEDIUM from [email protected]

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS: 0.000140000 probability, percentile 0.024270000 (date 2026-04-01)

Problem Types: CWE-501 | CWE-501 CWE-501 Trust Boundary Violation

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Secondary	5.2	MEDIUM	`CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N`
3.1	CNA	CVSS	5.2	MEDIUM	`CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N`

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Source	Vendor	Product	Version	Platforms
CNA	NVIDIA	Jetson Xavier Series Jetson Orin Series And Jetson Thor	affected All versions prior to 35.6.4	Jetson Linux(35)
CNA	NVIDIA	Jetson Xavier Series Jetson Orin Series And Jetson Thor	affected All versions prior to 36.5	Jetson Linux(36)
CNA	NVIDIA	Jetson Xavier Series Jetson Orin Series And Jetson Thor	affected 38.2	Jetson Linux(38)

Reference	Source	Link
nvd.nist.gov/vuln/detail/CVE-2026-24153	[email protected]	nvd.nist.gov
nvidia.custhelp.com/app/answers/detail/a_id/5797	[email protected]	nvidia.custhelp.com
www.cve.org/CVERecord	[email protected]	www.cve.org

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.