Description
NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.
Published: 2026-03-31
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: Data confidentiality, integrity and availability risk
Action: Immediate Patch
AI Analysis

Impact

The flaw lies in JetPack’s system initialization logic, where an unprivileged user can force a resource to be initialized with an insecure default. This can expose encrypted data, allow data tampering, or trigger a partial denial of service across devices that share the same machine ID. The weakness is recorded as CWE-1188, an insecure-default initialization problem that affects confidentiality, integrity and availability.

Affected Systems

The advisory targets NVIDIA Jetson Xavier Series and Jetson Orin Series boards that run JetPack installations. Specific affected versions are not listed, so all current releases that use the original initialization routine could be compromised until a patched release is issued.

Risk and Exploitability

The CVSS score of 8.3 indicates high severity. EPSS data is unavailable, and the flaw is not yet in CISA’s Known Exploited Vulnerabilities catalog. The likely attack vector is a local, unprivileged user able to influence the initialization code, making devices in insecure or shared environments especially vulnerable; note that the published CVSS vector records the attack vector as network (AV:N) with low privileges required (PR:L). The impact includes potential leakage of encrypted information, manipulation of system data, and limited service interruption.

Generated by OpenCVE AI on March 31, 2026 at 17:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the JetPack version installed and consult NVIDIA release notes for the fix.
  • Apply the latest JetPack update that contains the patch for this vulnerability.
  • Restrict unprivileged user access to the processes that perform system initialization.
  • Monitor system logs for anomalous resource initialization events or unauthorized starts.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type | Values Removed | Values Added
Title | | Privilege-Based Resource Initialization Weakness on NVIDIA Jetson Devices
First Time appeared | | Nvidia; Nvidia jetson Orin Series; Nvidia jetson Xavier Series
Vendors & Products | | Nvidia; Nvidia jetson Orin Series; Nvidia jetson Xavier Series

Tue, 31 Mar 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.
Weaknesses | | CWE-1188
References | |
Metrics | | cvssV3_1: {'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}


MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-03-31T16:22:51.128Z

Reserved: 2026-01-21T19:09:27.438Z

Link: CVE-2026-24148

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-31T17:16:29.180

Modified: 2026-03-31T17:16:29.180

Link: CVE-2026-24148

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:37:57Z

Weaknesses