Description
NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules). This vulnerability is associated with program files cJSON.Cpp.

This issue affects SKRoot-linuxKernelRoot.
Published: 2026-01-27
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via Null Pointer Dereference
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a null pointer dereference in the SKRoot-linuxKernelRoot project, specifically within the testRoot/jni/utils modules that incorporate cJSON.Cpp. This flaw can allow an attacker, when able to trigger the dereference, to cause a crash of the involved module and consequently disrupt its operation, raising availability concerns.

Affected Systems

The SKRoot-linuxKernelRoot repository maintained by abcz316. No explicit version number is listed in the official data, so all current releases that incorporate the vulnerable modules are considered at risk until a fix is applied.

Risk and Exploitability

The CVSS score of 8.7 categorizes this flaw as high severity, while the EPSS score indicates a very low but nonzero likelihood of exploitation. It is not listed in the CISA KEV catalog. Based on the description, the vulnerability arises when a null pointer is dereferenced during operation of the testRoot/jni/utils modules that use cJSON.Cpp. An attacker who can trigger that dereference could cause a crash of the module, leading to a denial‑of‑service for the component. The specific conditions required to trigger the fault are not detailed, so the exact attack vector cannot be definitively stated, but it requires interaction with the vulnerable module or provision of malicious input.

Generated by OpenCVE AI on April 18, 2026 at 19:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest commit in the abcz316/SKRoot-linuxKernelRoot repository that resolves the null pointer dereference and rebuild the binaries to replace the vulnerable modules.
  • If no patch is immediately available, disable or remove the testRoot/jni/utils modules that load cJSON.Cpp to eliminate execution of the vulnerable code path.
  • Deploy host‑based intrusion detection to monitor for crash events or anomalous behavior related to the SKRoot-linuxKernelRoot service, and set up automated alerts to notify administrators if a crash occurs.

Generated by OpenCVE AI on April 18, 2026 at 19:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 27 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Abcz316
Abcz316 skroot-linuxkernelroot
Vendors & Products Abcz316
Abcz316 skroot-linuxkernelroot

Tue, 27 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 09:00:00 +0000

Type Values Removed Values Added
Description NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules). This vulnerability is associated with program files cJSON.Cpp. This issue affects SKRoot-linuxKernelRoot.
Title A null pointer dereference in abcz316/SKRoot-linuxKernelRoot
Weaknesses CWE-476
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/S:N/AU:Y/R:U/V:D/RE:L/U:Amber'}

Subscriptions

Abcz316 Skroot-linuxkernelroot
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-27T14:45:40.077Z

Reserved: 2026-01-27T08:48:56.893Z

Link: CVE-2026-24813

cve-icon Vulnrichment

Updated: 2026-01-27T14:45:29.457Z

cve-icon NVD

Status : Deferred

Published: 2026-01-27T09:15:51.680

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24813

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T20:00:09Z

Weaknesses