9.4

CVE-2026-24148

NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NvidiaJetson Linux Version < 35.6.4
   NvidiaJetson Agx Orin 32gb Version-
   NvidiaJetson Agx Orin 64gb Version-
   NvidiaJetson Agx Orin Developer Kit Version-
   NvidiaJetson Agx Orin Industrial Version-
   NvidiaJetson Agx Xavier 32gb Version-
   NvidiaJetson Agx Xavier 64gb Version-
   NvidiaJetson Agx Xavier Industrial Version-
   NvidiaJetson Orin Nano 4gb Version-
   NvidiaJetson Orin Nano 8gb Version-
   NvidiaJetson Orin Nano Super Developer Kit Version-
   NvidiaJetson Orin Nx 16gb Version-
   NvidiaJetson Orin Nx 8gb Version-
   NvidiaJetson Xavier Nx 16gb Version-
   NvidiaJetson Xavier Nx 8gb Version-
NvidiaJetson Linux Version >= 36.0 < 36.5
   NvidiaJetson Agx Orin 32gb Version-
   NvidiaJetson Agx Orin 64gb Version-
   NvidiaJetson Agx Orin Developer Kit Version-
   NvidiaJetson Agx Orin Industrial Version-
   NvidiaJetson Agx Xavier 32gb Version-
   NvidiaJetson Agx Xavier 64gb Version-
   NvidiaJetson Agx Xavier Industrial Version-
   NvidiaJetson Orin Nano 4gb Version-
   NvidiaJetson Orin Nano 8gb Version-
   NvidiaJetson Orin Nano Super Developer Kit Version-
   NvidiaJetson Orin Nx 16gb Version-
   NvidiaJetson Orin Nx 8gb Version-
   NvidiaJetson Xavier Nx 16gb Version-
   NvidiaJetson Xavier Nx 8gb Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.265
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.4 3.9 5.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
psirt@nvidia.com 8.3 2.8 5.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

https://nvd.nist.gov/vuln/detail/CVE-2026-24148
Third Party Advisory
US Government Resource
https://www.cve.org/CVERecord?id=CVE-2026-24148
Third Party Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5797
Vendor Advisory