Description
NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure.
Published: 2026-03-31
Score: 5.2 Medium
EPSS: n/a
KEV: No
Impact: Information Disclosure
Action: Assess Impact
AI Analysis

Impact

A flaw in NVIDIA Jetson Linux initrd keeps the nvluks trusted application enabled by default. This misconfiguration allows an attacker to view data that is meant to be protected, resulting in potential leakage of sensitive information. The weakness is classified as CWE‑501, insecure default configuration leading to information exposure.

Affected Systems

The vulnerability affects NVIDIA Jetson devices built on the Xavier Series, Orin Series, and Thor models. No specific firmware or OS versions are listed, so any device that includes the affected initrd and leaves the nvluks trusted application enabled is potentially susceptible.

Risk and Exploitability

The CVSS score of 5.2 indicates moderate severity. EPSS data is not provided, so the likelihood of exploitation cannot be quantified. The likely attack vector requires an adversary with physical access or the ability to modify firmware to manipulate the initrd environment. The issue is not included in the CISA Known Exploited Vulnerabilities catalog, suggesting no known public exploitation. Nevertheless, the disclosure of protected data is a significant risk and should be mitigated promptly.

Generated by OpenCVE AI on March 31, 2026 at 17:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable the nvluks trusted application in the initrd configuration.
  • Apply any vendor-released firmware, OS, or JetPack updates that correct the initrd configuration.
  • Verify the integrity and configuration of the initrd to confirm the trusted application is disabled.
  • Monitor device logs for any attempts to read or manipulate the nvluks sensitive data.
  • Contact NVIDIA support for further guidance if the issue persists.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type | Values Removed | Values Added
Title | | Information Disclosure via Undisabled nvluks Trusted Application in NVIDIA Jetson Linux Initrd
First Time appeared | | Nvidia; Nvidia jetson Orin Series; Nvidia jetson Thor; Nvidia jetson Xavier Series
Vendors & Products | | Nvidia; Nvidia jetson Orin Series; Nvidia jetson Thor; Nvidia jetson Xavier Series

Tue, 31 Mar 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure.
Weaknesses | | CWE-501
References | |
Metrics | | cvssV3_1 {'score': 5.2, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-03-31T16:23:14.585Z

Reserved: 2026-01-21T19:09:29.850Z

Link: CVE-2026-24153

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-31T17:16:30.080

Modified: 2026-03-31T17:16:30.080

Link: CVE-2026-24153

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:37:56Z

Weaknesses