CVE-2026-24153

#!/bin/bash # PoC to check if nvluks trusted application is active in initrd # This script demonstrates the check for the vulnerability condition. echo "[*] Checking initrd environment for nvluks trusted application..." # Hypothetical check for the nvluks service status # In a real scenario, this might involve querying the TEE or checking specific processes if systemctl is-active nvluks-service 2>/dev/null || ps aux | grep -v grep | grep -q nvluks; then echo "[+] VULNERABLE: nvluks trusted application is running and not disabled." echo "[!] Information disclosure risk is present." else echo "[-] Not Vulnerable: nvluks appears to be disabled or not running." fi

{"cve": {"id": "CVE-2026-24153", "sourceIdentifier": "[email protected]", "published": "2026-03-31T17:16:30.080", "lastModified": "2026-04-03T19:09:44.680", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "baseScore": 5.2, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.7, "impactScore": 4.0}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-501"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*", "versionEndExcluding": "35.6.4", "matchCriteriaId": "B73BF007-6D88-4803-B94B-647CCEC5E291"}, {"vulnerable": true, "criteria": "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*", "versionStartIncluding": "36.0", "versionEndExcluding": "36.5", "matchCriteriaId": "23FF116C-64BD-4F4D-960F-92A289CB8150"}, {"vulnerable": true, "criteria": "cpe:2.3:o:nvidia:jetson_linux:38.2:*:*:*:*:*:*:*", "matchCriteriaId": "1FAEFF9B-826E-43AA-A67E-AB89871ED945"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_orin_32gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "D196FDF9-FC0F-4411-826D-5A7416F26159"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_orin_64gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "2392844C-6B11-41EA-A280-3AF1BDB77DC2"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_orin_developer_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A7F9D64-EA34-4309-8B2B-293346BD6D25"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_orin_industrial:-:*:*:*:*:*:*:*", "matchCriteriaId": "211E860F-BEFF-4407-967B-3C1332268D8E"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_thor_developer_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFEAFC57-D875-43A7-806F-6F4F07F473C8"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F92D471-8E65-41FC-A5DE-255136F6F989"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_64gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "B51F666B-F3ED-4CF3-B48E-B39BDE1C2579"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_industrial:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C7C6B22-EBD3-4465-9852-4A4844AA714A"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_orin_nano_4gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "80DA8F1E-9ED6-476A-9C9F-3DC231E5142D"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_orin_nano_8gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD549248-1C2C-4A0C-9822-691F3D77AEB1"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_orin_nano_super_developer_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F4ECB54-9725-4BFA-A9E7-2F24EAE5BDAB"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_orin_nx_16gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D96D5C9-4F9F-4487-90B9-0D8D473D4C6B"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_orin_nx_8gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF8EB6-767C-43F8-A327-A2D4A91A7CF1"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_t4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DDF9FD4-4FE1-4523-BDD6-BEF82B4FFD73"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_t5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADCF7D93-C341-4ED4-86CC-2BB7FF31F620"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx_16gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "A36028A3-EE83-4158-9039-5C6C795FA048"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx_8gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "22852BE0-B587-48B4-A7B6-6496715C32EF"}]}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24153", "source": "[email protected]", "tags": [" ... (truncated)