Primary

Context

NVIDIA Jetson and JetPack Insecure Default Initialization Vulnerability Allowing Data Disclosure and Tampering

Vulnerability

A vulnerability exists in NVIDIA Jetson devices running JetPack, specifically in the system initialization logic. This flaw allows an unprivileged attacker to initialize a resource with an insecure default. Exploitation of this vulnerability could result in the unauthorized disclosure of encrypted data, unauthorized data modification, and a partial denial-of-service on devices sharing the same machine ID.

Impact

Exploitation of this vulnerability could lead to unauthorized access to encrypted information, unauthorized alteration of data, and a partial denial-of-service on devices that have the same machine ID.

Remediation

Users can update to Jetson Linux versions 35.6.4 or 36.5. For Jetson Thor, version 38.4 is available. The update can be downloaded from the APT server or the Jetson Download Center.

Added: Mar 31, 2026, 5:33 PM

Updated: Mar 31, 2026, 5:33 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

0.0

relevance

5.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

0.0

relevance

5.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA Jetson and JetPack Insecure Default Initialization Vulnerability Allowing Data Disclosure and Tampering

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating