Description
NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure.
Published: 2026-03-31
Score: 5.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

Information disclosure can occur on NVIDIA Jetson Linux platforms when the initrd contains an enabled nvluks trusted application that should be disabled. The vulnerable component allows the extraction of sensitive data stored on the device, as the trust boundary is not properly enforced. This weakness corresponds to CWE‑501, where flaws in handling cryptographic material lead to leakage of confidential information.

Affected Systems

The affected hardware includes the NVIDIA Jetson Xavier Series, Jetson Orin Series, and Jetson Thor family, all running Jetson Linux 38.2 and later. The vulnerability is present in the initrd image bundled with these devices, regardless of specific model or storage capacity. Any Jetson device that has not applied the latest firmware update is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.2 places this issue in the medium impact range. EPSS indicates a probability of exploitation below 1 %, and the vulnerability is not listed in CISA’s KEV catalog. Because the flaw resides in the boot/initrd stage, an attacker would need local or physical access to the device to tamper with or observe the initrd contents. Consequently, while the exploitation likelihood is low, the potential for confidential data exposure warrants prompt remediation.

Generated by OpenCVE AI on April 3, 2026 at 22:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NVIDIA Jetson Linux firmware update that disables the nvluks trusted application in the initrd.
  • Verify that the initrd no longer contains the enabled nvluks component after the update.
  • If an update is unavailable, consider disabling the nvluks trusted application manually, if the platform allows, to prevent information leakage.
  • Monitor NVIDIA’s security advisories for any future patches or additional guidance.

Generated by OpenCVE AI on April 3, 2026 at 22:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Information Disclosure via Undisabled nvluks Trusted Application in NVIDIA Jetson Linux Initrd

Fri, 03 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia jetson Agx Orin 32gb
Nvidia jetson Agx Orin 64gb
Nvidia jetson Agx Orin Developer Kit
Nvidia jetson Agx Orin Industrial
Nvidia jetson Agx Thor Developer Kit
Nvidia jetson Agx Xavier 32gb
Nvidia jetson Agx Xavier 64gb
Nvidia jetson Agx Xavier Industrial
Nvidia jetson Linux
Nvidia jetson Orin Nano 4gb
Nvidia jetson Orin Nano 8gb
Nvidia jetson Orin Nano Super Developer Kit
Nvidia jetson Orin Nx 16gb
Nvidia jetson Orin Nx 8gb
Nvidia jetson T4000
Nvidia jetson T5000
Nvidia jetson Xavier Nx 16gb
Nvidia jetson Xavier Nx 8gb
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:nvidia:jetson_agx_orin_32gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_agx_orin_64gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_agx_orin_developer_kit:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_agx_orin_industrial:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_agx_thor_developer_kit:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_agx_xavier_64gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_agx_xavier_industrial:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_orin_nano_4gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_orin_nano_8gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_orin_nano_super_developer_kit:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_orin_nx_16gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_orin_nx_8gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_t4000:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_t5000:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_xavier_nx_16gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_xavier_nx_8gb:-:*:*:*:*:*:*:*
cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*
cpe:2.3:o:nvidia:jetson_linux:38.2:*:*:*:*:*:*:*
Vendors & Products Nvidia jetson Agx Orin 32gb
Nvidia jetson Agx Orin 64gb
Nvidia jetson Agx Orin Developer Kit
Nvidia jetson Agx Orin Industrial
Nvidia jetson Agx Thor Developer Kit
Nvidia jetson Agx Xavier 32gb
Nvidia jetson Agx Xavier 64gb
Nvidia jetson Agx Xavier Industrial
Nvidia jetson Linux
Nvidia jetson Orin Nano 4gb
Nvidia jetson Orin Nano 8gb
Nvidia jetson Orin Nano Super Developer Kit
Nvidia jetson Orin Nx 16gb
Nvidia jetson Orin Nx 8gb
Nvidia jetson T4000
Nvidia jetson T5000
Nvidia jetson Xavier Nx 16gb
Nvidia jetson Xavier Nx 8gb

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Information Disclosure via Undisabled nvluks Trusted Application in NVIDIA Jetson Linux Initrd
First Time appeared Nvidia
Nvidia jetson Orin Series
Nvidia jetson Thor
Nvidia jetson Xavier Series
Vendors & Products Nvidia
Nvidia jetson Orin Series
Nvidia jetson Thor
Nvidia jetson Xavier Series

Tue, 31 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure.
Weaknesses CWE-501
References
Metrics cvssV3_1

{'score': 5.2, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}

Subscriptions

Nvidia Jetson Agx Orin 32gb Jetson Agx Orin 64gb Jetson Agx Orin Developer Kit Jetson Agx Orin Industrial Jetson Agx Thor Developer Kit Jetson Agx Xavier 32gb Jetson Agx Xavier 64gb Jetson Agx Xavier Industrial Jetson Linux Jetson Orin Nano 4gb Jetson Orin Nano 8gb Jetson Orin Nano Super Developer Kit Jetson Orin Nx 16gb Jetson Orin Nx 8gb Jetson Orin Series Jetson T4000 Jetson T5000 Jetson Thor Jetson Xavier Nx 16gb Jetson Xavier Nx 8gb Jetson Xavier Series
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-04-01T13:59:00.585Z

Reserved: 2026-01-21T19:09:29.850Z

Link: CVE-2026-24153

cve-icon Vulnrichment

Updated: 2026-04-01T13:58:56.958Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T17:16:30.080

Modified: 2026-04-03T19:09:44.680

Link: CVE-2026-24153

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T08:07:56Z

Weaknesses