CVE-2026-24154

Published: Mar 31, 2026 Last Modified: Mar 31, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,6

Source: [email protected]

Attack Vector: physical

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, data tampering, and information disclosure.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability Non-Repudiation

Potential Impacts:

Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Read Files Or Directories Modify Files Or Directories Read Application Data Modify Application Data Hide Activities

Applicable Platforms

Technologies: AI/ML, Not Technology-Specific, Web Server

Likelihood of Exploit: High

View CWE Details

https://nvd.nist.gov/vuln/detail/CVE-2026-24154

https://nvidia.custhelp.com/app/answers/detail/a_id/5797

https://www.cve.org/CVERecord?id=CVE-2026-24154

CVE-2026-24154

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter