HIGHCVE-2026-24154Published 2026-03-31Modified 2026-03-31CNA nvidia

CVE-2026-24154: NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments

NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, data tampering, and information disclosure.

CVSS v3.1: 7.6
Severity: HIGH
Fixed in: —
Affected Products: 3

Affected packages

NVIDIA / Jetson Xavier Series, Jetson Orin Series and Jetson Thor
All versions prior to 35.6.4
NVIDIA / Jetson Xavier Series, Jetson Orin Series and Jetson Thor
All versions prior to 36.5
NVIDIA / Jetson Xavier Series, Jetson Orin Series and Jetson Thor
38.2

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References

nvd.nist.gov
cve.org
nvidia.custhelp.com

Metrics