I don't think you understand how it works.
To do anything without glitching or exploiting a very early component in the chain of trust (like the bootrom), you need a whole exploit chain (so, you need multiple exploitable bugs) that allows you to get kernel or TrustZone privileged execution. This is not your easy run-of-the-mill buffer overflow, and this is something that's heavily mitigated by hardware mechanisms such as ASLR, NX bits... not to mention the fact that Nintendo can fix these exploits through firmware updates. No, you can't downgrade, because the Tegra X1 uses efuses and the efuse count needs to match the value expected by the bootloader; once you update, efuses are blown to match this counter. This is a one-way, irreversible operation.
It is much easier, instead, to compromise the integrity of the security in the boot chain by doing hardware-based glitching than by exploiting software further down the boot chain. That's what modchips do.
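The fuse-count check described in the post above, as an added example that is not part of the original post and is not Nintendo or NVIDIA code: a simplified model of a one-way fuse counter used for anti-rollback. The 32-bit bank, the function names and the counts 3 and 5 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a one-time-programmable fuse bank (hypothetical names,
 * not real Tegra X1 registers). The number of blown bits is the counter. */
typedef struct { uint32_t bits; } fuse_bank;

enum boot_result { BOOT_OK, BOOT_OK_BURNED, BOOT_REFUSED_DOWNGRADE };

static int fuse_count(const fuse_bank *f) {
    int n = 0;
    for (uint32_t b = f->bits; b; b &= b - 1) n++;   /* clear lowest set bit */
    return n;
}

/* Hardware property: a fuse goes 0 -> 1 and never back, so writes are OR-only. */
static void fuse_write(fuse_bank *f, uint32_t value) {
    f->bits |= value;
}

/* Bootloader check: each firmware build carries the fuse count it expects. */
static enum boot_result boot_check(fuse_bank *f, int expected) {
    int burned = fuse_count(f);
    if (burned > expected)
        return BOOT_REFUSED_DOWNGRADE;   /* device has already run newer firmware */
    if (burned < expected) {
        /* First boot after an update: blow fuses until the count matches. */
        fuse_write(f, expected >= 32 ? 0xFFFFFFFFu : ((1u << expected) - 1u));
        return BOOT_OK_BURNED;
    }
    return BOOT_OK;
}

int main(void) {
    fuse_bank f = { 0 };                 /* constructed scenario */
    printf("fw expecting 3: %d\n", boot_check(&f, 3));   /* burns to 3 */
    printf("fw expecting 5: %d\n", boot_check(&f, 5));   /* update burns to 5 */
    fuse_write(&f, 0);                   /* writing zeros cannot clear a fuse */
    printf("fw expecting 3: %d (count=%d)\n", boot_check(&f, 3), fuse_count(&f));
    return 0;
}
```

Because the only write primitive is an OR, no software path can lower the count, which is why the older firmware's check fails after the update.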