NVIDIA Jetson
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in NVIDIA Jetson.
Recent NVIDIA Jetson Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 5716 | Security Bulletin: NVIDIA Jetson Xavier, Orin, Thor, and IGX Orin Devices - October 2025 | October 14, 2025 |
| 5662 | Security Bulletin: NVIDIA Jetson AGX Orin Series and IGX Orin - July 2025 | July 15, 2025 |
| 5617 | Security Bulletin: NVIDIA Jetson AGX Orin Series and IGX Orin - February 2025 | February 25, 2025 |
| 5611 | Security Bulletin: NVIDIA Jetson AGX Orin Series and NVIDIA IGX Orin - February 2025 | February 11, 2025 |
By the Year
In 2026 there have been 0 vulnerabilities in NVIDIA Jetson. Last year, in 2025 Jetson had 2 security vulnerabilities published. Right now, Jetson is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 6.55 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 6.15 |
| 2022 | 0 | 0.00 |
| 2021 | 11 | 6.47 |
| 2020 | 0 | 0.00 |
| 2019 | 4 | 6.90 |
It may take a day or so for new Jetson vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NVIDIA Jetson Security Vulnerabilities
NvMap Over-allocation in NVIDIA Jetson Linux/IGX OS Local DoS
CVE-2025-33177
5.5 - Medium
- October 14, 2025
NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation of this vulnerability might lead to denial of service.
Resource Exhaustion
NVIDIA Jetson UEFI Auth. Flaw Enables DT Corruption & DoS
CVE-2025-33182
7.6 - High
- October 14, 2025
NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of this vulnerability might lead to data tampering, denial of service.
AuthZ
Local Privilege Attack: DOS via nvbootctrl in NVIDIA Jetson Driver
CVE-2023-25520
5.5 - Medium
- June 23, 2023
NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service.
Improper Input Validation
NVIDIA Jetson CBoot PCIe Init Vulnerability Enables Physical Memory A/C
CVE-2023-25518
6.8 - Medium
- June 23, 2023
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.
NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node
CVE-2021-1114
4.4 - Medium
- August 11, 2021
NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of service.
NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources
CVE-2021-1113
4.7 - Medium
- August 11, 2021
NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and partial loss of data integrity for all clients.
Authorization
NVIDIA Linux kernel distributions contain a vulnerability in nvmap
CVE-2021-1112
5.5 - Medium
- August 11, 2021
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service.
Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check
CVE-2021-1111
6.7 - Medium
- August 11, 2021
Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components.
Buffer Overflow
NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation
CVE-2021-1110
7.1 - High
- August 11, 2021
NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel components.
NVIDIA camera firmware contains a multistep
CVE-2021-1109
7.2 - High
- August 11, 2021
NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams.
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be
CVE-2021-1106
7.8 - High
- August 11, 2021
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system.
NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths
CVE-2021-1107
7.8 - High
- August 11, 2021
NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.
NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP)
CVE-2021-1108
7.3 - High
- August 11, 2021
NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system.
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in
CVE-2021-1071
5.6 - Medium
- January 26, 2021
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in
CVE-2021-1070
7.1 - High
- January 26, 2021
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an unprivileged user being able to modify system device tree files, leading to denial of service.
NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner
CVE-2018-6239
5.5 - Medium
- April 12, 2019
NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to all versions prior to R28.3.
Information Disclosure
NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference
CVE-2018-6269
- April 12, 2019
NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to R28.3.
NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on all versions prior to R28.3) where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing transactions to be discarded
CVE-2019-5673
6.1 - Medium
- April 11, 2019
NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on all versions prior to R28.3) where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing transactions to be discarded, which may lead to denial of service.
Improper Check for Unusual or Exceptional Conditions
NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing
CVE-2019-5672
9.1 - Critical
- April 11, 2019
NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.
Key Management Errors
NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing
CVE-2019-5672
9.1 - Critical
- April 11, 2019
NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.
Key Management Errors
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for NVIDIA Jetson or by NVIDIA? Click the Watch button to subscribe.
