{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24148", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2026-01-21T19:09:27.438Z", "datePublished": "2026-03-31T16:22:51.128Z", "dateUpdated": "2026-04-01T14:00:45.033Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-03-31T16:22:51.128Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1188", "description": "CWE-1188 Initialization of a Resource with an Insecure Default", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Data tampering, information disclosure, denial of service"}]}], "affected": [{"vendor": "NVIDIA", "product": "Jetson Xavier Series and Jetson Orin Series", "platforms": ["Jetson Linux(35)"], "versions": [{"status": "affected", "version": "All versions prior to 35.6.4"}], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "Jetson Xavier Series and Jetson Orin Series", "platforms": ["Jetson Linux(36)"], "versions": [{"status": "affected", "version": "All versions prior to 36.5"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.", "supportingMedia": [{"type": "text/html", "base64": true, "value": "NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID."}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24148"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24148"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5797"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW", "baseSeverity": "HIGH", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T14:00:38.048847Z", "id": "CVE-2026-24148", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T14:00:45.033Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24148", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T14:00:38.048847Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T14:00:41.305Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Data tampering, information disclosure, denial of service"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "Jetson Xavier Series and Jetson Orin Series", "versions": [{"status": "affected", "version": "All versions prior to 35.6.4"}], "platforms": ["Jetson Linux(35)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "Jetson Xavier Series and Jetson Orin Series", "versions": [{"status": "affected", "version": "All versions prior to 36.5"}], "platforms": ["Jetson Linux(36)"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24148"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24148"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5797"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1188", "description": "CWE-1188 Initialization of a Resource with an Insecure Default"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-03-31T16:22:51.128Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24148", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:00:45.033Z", "dateReserved": "2026-01-21T19:09:27.438Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2026-03-31T16:22:51.128Z", "assignerShortName": "nvidia"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID."}], "id": "CVE-2026-24148", "lastModified": "2026-04-01T14:24:02.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2026-03-31T17:16:29.180", "references": [{"source": "psirt@nvidia.com", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24148"}, {"source": "psirt@nvidia.com", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5797"}, {"source": "psirt@nvidia.com", "url": "https://www.cve.org/CVERecord?id=CVE-2026-24148"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "psirt@nvidia.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["jetson_linux(35)"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,35.6.4)"}}], "original": {"product": "Jetson Xavier Series and Jetson Orin Series", "source": "cna", "vendor": "NVIDIA"}, "product": "jetson_orin_series", "vendor": "nvidia"}, {"configurations": [{"platform": ["jetson_linux(36)"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,36.5)"}}], "original": {"product": "Jetson Xavier Series and Jetson Orin Series", "source": "cna", "vendor": "NVIDIA"}, "product": "jetson_orin_series", "vendor": "nvidia"}, {"configurations": [{"platform": ["jetson_linux(35)"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,35.6.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Jetson Xavier Series and Jetson Orin Series", "source": "cna", "vendor": "NVIDIA"}, "product": "jetson_xavier_series", "vendor": "nvidia"}, {"configurations": [{"platform": ["jetson_linux(36)"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,36.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Jetson Xavier Series and Jetson Orin Series", "source": "cna", "vendor": "NVIDIA"}, "product": "jetson_xavier_series", "vendor": "nvidia"}], "analysis": {"en": {"generated_at": "2026-03-31T17:22:01.364593+00:00", "value": {"mitigation_remediation": ["Verify the JetPack version installed and consult NVIDIA release notes for the fix.", "Apply the latest JetPack update that contains the patch for this vulnerability.", "Restrict unprivileged user access to the processes that perform system initialization.", "Monitor system logs for anomalous resource initialization events or unauthorized starts."], "summary": {"action": "Immediate Patch", "impact": "Data confidentiality, integrity and availability risk"}, "threat_synthesis": {"affected_systems": "The advisory targets NVIDIA Jetson Xavier Series and Jetson Orin Series boards that run JetPack installations. Specific affected versions are not listed, so all current releases that use the original initialization routine could be compromised until a patched release is issued.\n", "description_and_impact": "The flaw lies in JetPack\u2019s system initialization logic, where an unprivileged user can force a resource to start with an insecure default. This can expose encrypted data, allow tampering of data, or trigger a partial denial of service across devices that share the same machine ID. The vulnerability is a classic case of improper configuration that breaks confidentiality, integrity and availability.\n", "risk_and_exploitability": "The CVSS score of 8.3 shows high severity, and although EPSS data is unavailable, the flaw is not yet in CISA\u2019s Known Exploited Vulnerabilities catalog. The likely attack vector is a local, unprivileged user able to influence the initialization code, making devices in insecure or shared environments especially vulnerable. The impact includes potential leakage of encrypted information, manipulation of system data, and limited service interruption."}}}}, "created": "2026-03-31T19:53:59.657151+00:00", "title": "Privilege-Based Resource Initialization Weakness on NVIDIA Jetson Devices", "updated": "2026-03-31T20:37:57.215662+00:00", "vendors": ["nvidia", "nvidia$PRODUCT$jetson_orin_series", "nvidia$PRODUCT$jetson_xavier_series"]}