NVIDIA Jetson Linux initrd nvluks TApp Not Disabled Info Disclosure
CVE-2026-24153 Published on March 31, 2026
NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure.
Vulnerability Analysis
CVE-2026-24153 can be exploited with physical access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Trust Boundary Violation
The product mixes trusted and untrusted data in the same data structure or structured message. A trust boundary can be thought of as line drawn through a program. On one side of the line, data is untrusted. On the other side of the line, data is assumed to be trustworthy. The purpose of validation logic is to allow data to safely cross the trust boundary - to move from untrusted to trusted. A trust boundary violation occurs when a program blurs the line between what is trusted and what is untrusted. By combining trusted and untrusted data in the same data structure, it becomes easier for programmers to mistakenly trust unvalidated data.
Products Associated with CVE-2026-24153
Want to know whenever a new CVE is published for NVIDIA Jetson? stack.watch will email you.
Affected Versions
NVIDIA Jetson Xavier Series, Jetson Orin Series and Jetson Thor:- Version All versions prior to 35.6.4 is affected.
- Version All versions prior to 36.5 is affected.
- Version 38.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.