CVE-2026-24153: CWE-501 Trust Boundary Violation in NVIDIA Jetson Xavier Series, Jetson Orin Series and Jetson Thor
NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure.
AI Analysis
Technical Summary
CVE-2026-24153 is a trust boundary violation vulnerability (CWE-501) in NVIDIA Jetson Linux initrd where the nvluks trusted application remains enabled when it should be disabled. This improper trust boundary handling can allow an attacker with local privileges to disclose sensitive information. The issue affects Jetson Xavier, Orin, and Thor series devices running versions prior to 35.6.4. The CVSS 3.1 vector indicates the attack requires physical access (AV:P), low complexity (AC:L), and low privileges (PR:L), with no user interaction (UI:N). The impact is high confidentiality loss without integrity or availability impact. No official patch or vendor advisory details are provided in the input.
Potential Impact
Successful exploitation can lead to disclosure of sensitive information on affected NVIDIA Jetson devices. The vulnerability does not impact integrity or availability. The attack requires physical access and low privileges. There are no known exploits in the wild as of the published date.
Mitigation Recommendations
Patch status is not yet confirmed — check the NVIDIA vendor advisory for current remediation guidance. Since no patch links or official fix information are provided, users should monitor NVIDIA communications for updates. Until a fix is available, restrict physical access to affected devices and limit user privileges to reduce risk.
CVE-2026-24153: CWE-501 Trust Boundary Violation in NVIDIA Jetson Xavier Series, Jetson Orin Series and Jetson Thor
Description
NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-24153 is a trust boundary violation vulnerability (CWE-501) in NVIDIA Jetson Linux initrd where the nvluks trusted application remains enabled when it should be disabled. This improper trust boundary handling can allow an attacker with local privileges to disclose sensitive information. The issue affects Jetson Xavier, Orin, and Thor series devices running versions prior to 35.6.4. The CVSS 3.1 vector indicates the attack requires physical access (AV:P), low complexity (AC:L), and low privileges (PR:L), with no user interaction (UI:N). The impact is high confidentiality loss without integrity or availability impact. No official patch or vendor advisory details are provided in the input.
Potential Impact
Successful exploitation can lead to disclosure of sensitive information on affected NVIDIA Jetson devices. The vulnerability does not impact integrity or availability. The attack requires physical access and low privileges. There are no known exploits in the wild as of the published date.
Mitigation Recommendations
Patch status is not yet confirmed — check the NVIDIA vendor advisory for current remediation guidance. Since no patch links or official fix information are provided, users should monitor NVIDIA communications for updates. Until a fix is available, restrict physical access to affected devices and limit user privileges to reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- nvidia
- Date Reserved
- 2026-01-21T19:09:29.850Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69cbf879e6bfc5ba1d28019b
Added to database: 3/31/2026, 4:38:17 PM
Last enriched: 4/8/2026, 4:12:56 AM
Last updated: 5/15/2026, 10:11:14 AM
Views: 83
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.