Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
NVIDIA Tegra X2 Vulnerability: Millions of Devices at Risk


1 January 2026 18:42

At the 39th annual Chaos Communication Congress (39C3), security researcher Amber Katze, 22, announced that she has completely analyzed and cracked the secure boot mechanism of the NVIDIA Tegra X2 chip.

Amber Katze is a security researcher with a passion for hacking embedded devices. She previously worked on hacking the Nintendo Switch and even gave a talk on the topic at GPN21.

This discovery indicates that millions of devices equipped with this chip, ranging from mixed reality glasses to electric vehicle systems, could be vulnerable, provided an attacker has physical access to the device's USB port.

Amber Katze explained that the main motivation for her work was Magic Leap's decommissioning of the Magic Leap One launch server in 2024. The shutdown had rendered the mixed reality glasses virtually unusable, turning them into veritable "e-waste." Her goal was therefore to restore the functionality of these devices.

The Magic Leap One uses the NVIDIA Tegra X2 chip, which uses the Fastboot protocol during startup. The open-source version of the code is provided by NVIDIA. After thorough analysis, Katze identified two critical vulnerabilities, dubbed “sparsehax” and “dtbhax.”

  • Sparsehax: A logic flaw in SparseFS image decompression.
  • Dtbhax: Enables persistent access by loading a specific block of the core device tree (DTB).

By exploiting these vulnerabilities, the researcher was able to execute unsigned code on the Magic Leap One, bypassing the device's first layer of protection. She then used fault injection to make the Tegra X2 malfunction during boot and successfully exported the BootROM firmware via a side channel.

Analysis of the BootROM revealed a serious vulnerability in USB recovery mode. Because the BootROM is code stored directly in the chip's silicon, NVIDIA cannot fix this flaw through software updates.

According to Katze, this flaw could be used to bypass the secure boot chain on all Tegra X2-based devices with an accessible USB interface, including sensitive systems like Tesla's Autopilot. The attack requires physical contact with the device and a complex exploit chain to execute code with elevated privileges.

It should be noted, however, that the Tegra X2 was launched in 2016 and is no longer in production. The most critical vulnerabilities have been fixed in subsequent versions, limiting the impact on current devices.

The editorial staff of Red Hot Cyber is composed of IT and cybersecurity professionals, supported by a network of qualified sources who also operate confidentially. The team works daily to analyze, verify, and publish news, insights, and reports on cybersecurity, technology, and digital threats, with a particular focus on the accuracy of information and the protection of sources. The information published is derived from direct research, field experience, and exclusive contributions from national and international operational contexts.