CVE-2026-24148
Published: 31 March 2026
Summary
CVE-2026-24148 is a high-severity Initialization of a Resource with an Insecure Default (CWE-1188) vulnerability in NVIDIA Jetson Linux. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 13.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires timely remediation of flaws, including patches for the specific vulnerability in NVIDIA Jetson system initialization logic.
Enforces secure configuration settings to prevent initialization of resources with insecure defaults exploited by unprivileged attackers.
Limits privileges of unprivileged attackers, reducing their ability to trigger insecure resource initialization remotely.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote network exploitation of insecure default resource initialization on Jetson platforms directly matches T1190. A low-privilege attacker achieving high confidentiality and integrity impact indicates facilitation of privilege escalation via T1068.
NVD Description
NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.
Deeper analysis
CVE-2026-24148 affects NVIDIA Jetson platforms running JetPack software, specifically in the system initialization logic. The vulnerability enables an unprivileged attacker to force the initialization of a resource using an insecure default configuration. Published on 2026-03-31, it is rated with a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L) and is associated with CWE-1188.
An attacker holding only low privileges (PR:L) can exploit this vulnerability remotely over the network, with low attack complexity and no user interaction required. Successful exploitation may result in information disclosure of encrypted data, data tampering, and partial denial of service impacting multiple devices that share the same machine ID.
Official advisories provide further details on mitigation, including patches where available. Refer to the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5797, the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-24148, and the CVE record at https://www.cve.org/CVERecord?id=CVE-2026-24148.
Details
- CWE(s)