CVE-2026-24148

critical

Description

NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.

References

Advisories
More

https://www.cve.org/CVERecord?id=CVE-2026-24148

https://nvd.nist.gov/vuln/detail/CVE-2026-24148

https://nvidia.custhelp.com/app/answers/detail/a_id/5797

Details

Source: Mitre, NVD

Published: 2026-03-31

Updated: 2026-04-03

Risk Information

CVSS v2

Base Score: 9.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:P

Severity: High

CVSS v3

Base Score: 9.4

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Severity: Critical

EPSS

EPSS: 0.00036