Information Disclosure in NVIDIA Jetson Linux Due to Initrd Configuration Issues
CVE-2026-24153

5.2MEDIUM

Key Information:

Vendor: Nvidia
Status: Jetson Xavier Series, Jetson Orin Series And Jetson Thor
Vendor: CVE Published:; 31 March 2026

What is CVE-2026-24153?

NVIDIA Jetson Linux contains a vulnerability in its initrd subsystem where the nvluks trusted application is inadequately managed, allowing unauthorized access to potentially sensitive information. Exploiting this flaw could lead to significant data exposure, highlighting the importance of keeping the system updated and implementing robust security measures.

Affected Version(s)

Jetson Xavier Series, Jetson Orin Series and Jetson Thor Jetson Linux(35) All versions prior to 35.6.4

Jetson Xavier Series, Jetson Orin Series and Jetson Thor Jetson Linux(36) All versions prior to 36.5

Jetson Xavier Series, Jetson Orin Series and Jetson Thor Jetson Linux(38) 38.2

References

https://nvd.nist.gov/vuln/detail/CVE-2026-24153

https://www.cve.org/CVERecord?id=CVE-2026-24153

https://nvidia.custhelp.com/app/answers/detail/a_id/5797

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2026
Vulnerability Reserved
Jan 21, 2026

CVE-2026-24153 Data

JSON

Nvidia

What is CVE-2026-24153?

Affected Version(s)

References

CVSS V3.1

Timeline