CVE-2026-24154

CVE	CVE-2026-24154
State	PUBLISHED
Assigner	nvidia
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-03-31 17:16:30 UTC
Updated	2026-04-01 14:24:02 UTC
Description	NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, data tampering, and information disclosure.

Primary CVSS: v3.1 7.6 HIGH from [email protected]

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS: 0.000290000 probability, percentile 0.083280000 (date 2026-04-01)

Problem Types: CWE-78 | CWE-78 CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Secondary	7.6	HIGH	`CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`
3.1	CNA	CVSS	7.6	HIGH	`CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Source	Vendor	Product	Version	Platforms
CNA	NVIDIA	Jetson Xavier Series Jetson Orin Series And Jetson Thor	affected All versions prior to 35.6.4	Jetson Linux(35)
CNA	NVIDIA	Jetson Xavier Series Jetson Orin Series And Jetson Thor	affected All versions prior to 36.5	Jetson Linux(36)
CNA	NVIDIA	Jetson Xavier Series Jetson Orin Series And Jetson Thor	affected 38.2	Jetson Linux(38)

Reference	Source	Link
nvidia.custhelp.com/app/answers/detail/a_id/5797	[email protected]	nvidia.custhelp.com
nvd.nist.gov/vuln/detail/CVE-2026-24154	[email protected]	nvd.nist.gov
www.cve.org/CVERecord	[email protected]	www.cve.org

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.