CVE-2026-24154

Summary

NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, data tampering, and information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIAJetson Xavier Series, Jetson Orin Series and Jetson ThorAll versions prior to 35.6.4affected
NVIDIAJetson Xavier Series, Jetson Orin Series and Jetson ThorAll versions prior to 36.5affected
NVIDIAJetson Xavier Series, Jetson Orin Series and Jetson Thor38.2affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References