{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24813", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:48:56.893Z", "datePublished": "2026-01-27T08:49:23.869Z", "dateUpdated": "2026-01-27T14:45:40.077Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/abcz316/SKRoot-linuxKernelRoot", "defaultStatus": "affected", "modules": ["testRoot/jni/utils"], "product": "SKRoot-linuxKernelRoot", "programFiles": ["cJSON.cpp"], "vendor": "abcz316", "versions": [{"status": "unknown", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules).<p> This vulnerability is associated with program files <tt>cJSON.Cpp</tt>.</p><p>This issue affects SKRoot-linuxKernelRoot.</p>"}], "value": "NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules). This vulnerability is associated with program files cJSON.Cpp.\n\nThis issue affects SKRoot-linuxKernelRoot."}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/S:N/AU:Y/R:U/V:D/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:49:23.869Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/abcz316/SKRoot-linuxKernelRoot/pull/116"}], "source": {"discovery": "UNKNOWN"}, "title": "A null pointer dereference in abcz316/SKRoot-linuxKernelRoot", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T14:45:05.289340Z", "id": "CVE-2026-24813", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T14:45:40.077Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24813", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T14:45:05.289340Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T14:45:29.457Z"}}], "cna": {"title": "A null pointer dereference in abcz316/SKRoot-linuxKernelRoot", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 8.7, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/S:N/AU:Y/R:U/V:D/RE:L/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "abcz316", "modules": ["testRoot/jni/utils"], "product": "SKRoot-linuxKernelRoot", "versions": [{"status": "unknown", "version": "0", "versionType": "git"}], "programFiles": ["cJSON.cpp"], "collectionURL": "https://github.com/abcz316/SKRoot-linuxKernelRoot", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/abcz316/SKRoot-linuxKernelRoot/pull/116", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules). This vulnerability is associated with program files cJSON.Cpp.\n\nThis issue affects SKRoot-linuxKernelRoot.", "supportingMedia": [{"type": "text/html", "value": "NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules).<p> This vulnerability is associated with program files <tt>cJSON.Cpp</tt>.</p><p>This issue affects SKRoot-linuxKernelRoot.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:49:23.869Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24813", "state": "PUBLISHED", "dateUpdated": "2026-01-27T14:45:40.077Z", "dateReserved": "2026-01-27T08:48:56.893Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T08:49:23.869Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules). This vulnerability is associated with program files cJSON.Cpp.\n\nThis issue affects SKRoot-linuxKernelRoot."}, {"lang": "es", "value": "Vulnerabilidad de desreferencia de puntero NULL en abcz316 SKRoot-linuxKernelRoot (m\u00f3dulos testRoot/jni/utils). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa cJSON.Cpp.\n\nEste problema afecta a SKRoot-linuxKernelRoot."}], "id": "CVE-2026-24813", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T09:15:51.680", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/abcz316/SKRoot-linuxKernelRoot/pull/116"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T19:50:16.754259+00:00", "value": {"mitigation_remediation": ["Update to the latest commit in the abcz316/SKRoot-linuxKernelRoot repository that resolves the null pointer dereference and rebuild the binaries to replace the vulnerable modules.", "If no patch is immediately available, disable or remove the testRoot/jni/utils modules that load cJSON.Cpp to eliminate execution of the vulnerable code path.", "Deploy host\u2011based intrusion detection to monitor for crash events or anomalous behavior related to the SKRoot-linuxKernelRoot service, and set up automated alerts to notify administrators if a crash occurs."], "summary": {"action": "Apply Patch", "impact": "Denial of Service via Null Pointer Dereference"}, "threat_synthesis": {"affected_systems": "The SKRoot-linuxKernelRoot repository maintained by abcz316. No explicit version number is listed in the official data, so all current releases that incorporate the vulnerable modules are considered at risk until a fix is applied.", "description_and_impact": "The vulnerability is a null pointer dereference in the SKRoot-linuxKernelRoot project, specifically within the testRoot/jni/utils modules that incorporate cJSON.Cpp. This flaw can allow an attacker, when able to trigger the dereference, to cause a crash of the involved module and consequently disrupt its operation, raising availability concerns.", "risk_and_exploitability": "The CVSS score of 8.7 categorizes this flaw as high severity, while the EPSS score indicates a very low but nonzero likelihood of exploitation. It is not listed in the CISA KEV catalog. Based on the description, the vulnerability arises when a null pointer is dereferenced during operation of the testRoot/jni/utils modules that use cJSON.Cpp. An attacker who can trigger that dereference could cause a crash of the module, leading to a denial\u2011of\u2011service for the component. The specific conditions required to trigger the fault are not detailed, so the exact attack vector cannot be definitively stated, but it requires interaction with the vulnerable module or provision of malicious input."}}}}, "created": "2026-01-27T20:17:20.351222+00:00", "updated": "2026-04-18T20:00:09.288525+00:00", "vendors": ["abcz316", "abcz316$PRODUCT$skroot-linuxkernelroot"]}