Do Son 
NVIDIA has issued a software update for its Jetson Linux platform to address several security flaws that could leave edge AI and autonomous systems exposed. The vulnerabilities range from high-severity initialization errors to risks involving physical hardware access, affecting the Jetson Xavier, Orin, and Thor series.
The security bulletin details three distinct CVEs that vary in impact and required attacker access:
- Initialization Logic Flaw (CVE-2026-24148): Carrying a high-severity CVSS score of 8.3, this vulnerability exists in the system initialization logic. An unprivileged network attacker could exploit an insecure default setting to disclose encrypted data or tamper with system information.
- Command Line Injection (CVE-2026-24154): Also rated as High Severity (7.6), this flaw allows an attacker with physical access to inject incorrect command-line arguments into the initrd. NVIDIA warns that a successful exploit “might lead to code execution, escalation of privileges, denial of service, data tampering, and information disclosure”.
- Trusted Application Risk (CVE-2026-24153): A medium-severity vulnerability where the nvluks trusted application is not properly disabled, potentially leading to information disclosure.
The vulnerabilities impact a broad range of Jetson Linux versions across multiple high-performance AI modules.
| Affected Hardware | Platform | Affected Versions | Updated Version |
| Jetson Xavier & Orin Series | Jetson Linux | Prior to 35.6.4 |
35.6.4 |
| Jetson Xavier & Orin Series | Jetson Linux | Prior to 36.5 |
36.5 |
| Jetson Thor | Jetson Linux | 38.2 |
38.4 |
To maintain system integrity, NVIDIA is urging users to “download and install this software update from the APT server or Jetson Download Center page, Jetson Linux Link and IGX Link” immediately.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
