Description
Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE.
Affected version is prior to commit 1.30.0.
Published: 2026-04-22
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Assess Impact
AI Analysis

Impact

The vulnerability involves an integer overflow in the tensor allocation size calculation within Samsung Open Source ONE. This flaw can cause an insufficient memory allocation when processing large tensors, potentially leading to application crashes or denial of service. The weakness is identified as an integer overflow (CWE‑190).

Affected Systems

Systems affected are those running Samsung Open Source ONE prior to commit 1.30.0. The specific product includes the Tensor processing module in the open source framework.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and no EPSS information is available. The vulnerability is not listed in the CISA KEV catalog. Attack vectors are not explicitly described, but it is inferred that the flaw could be triggered when the application processes large tensor inputs, which may be controllable by an attacker if the input is externally sourced. Exploitation requires that the vulnerable allocation be used, and the effect is limited to resource exhaustion or crash rather than direct data compromise.

Generated by OpenCVE AI on April 22, 2026 at 07:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to commit 1.30.0 or later where the overflow is fixed.
  • If updating is not immediately possible, restrict the size of tensors that the application accepts, preventing the allocation of excessively large tensors.
  • Monitor the application for abnormal memory usage or crashes and restart the process or apply runtime limits when such events are detected.
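
The size restriction recommended above, together with an overflow-checked size calculation, as an added example (not code from the ONE project or from this page). The function names, the 32-bit accumulator in the unchecked variant, and the 1 GiB cap are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Assumed policy cap for this example (not a value from ONE): 1 GiB per tensor.
constexpr std::size_t kMaxTensorBytes = static_cast<std::size_t>(1) << 30;

// Unchecked pattern (CWE-190): the product silently wraps modulo 2^32, so a
// huge tensor can yield a small byte count and an undersized allocation.
std::uint32_t naive_tensor_bytes(const std::vector<std::int32_t>& dims,
                                 std::uint32_t elem_size) {
  std::uint32_t total = elem_size;
  for (std::int32_t d : dims) total *= static_cast<std::uint32_t>(d);
  return total;
}

// Checked pattern: returns false instead of producing a wrapped or
// over-cap size. On success *out_bytes holds the exact byte count.
bool checked_tensor_bytes(const std::vector<std::int32_t>& dims,
                          std::size_t elem_size, std::size_t* out_bytes,
                          std::size_t max_bytes = kMaxTensorBytes) {
  if (out_bytes == nullptr || elem_size == 0 || elem_size > max_bytes)
    return false;
  std::size_t total = elem_size;
  bool empty = false;
  for (std::int32_t d : dims) {
    if (d < 0) return false;  // negative dimension is never valid
    if (d == 0) { empty = true; continue; }  // empty tensor, keep validating
    if (empty) continue;
    const std::size_t n = static_cast<std::size_t>(d);
    // total * n > max_bytes  <=>  total > max_bytes / n, tested without
    // performing the multiplication that could wrap.
    if (total > max_bytes / n) return false;
    total *= n;
  }
  *out_bytes = empty ? 0 : total;
  return true;
}
```

With the constructed shape {65536, 65537} and 4-byte elements, the unchecked version reports 262144 bytes for a tensor that needs about 16 GiB, while the checked version rejects it.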


Advisories

No advisories yet.

References
History

Wed, 22 Apr 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 12:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Samsung Open Source; Samsung Open Source one
Vendors & Products | | Samsung Open Source; Samsung Open Source one

Wed, 22 Apr 2026 06:30:00 +0000

Type | Values Removed | Values Added
Description | | Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0.
Weaknesses | | CWE-190
References | |
Metrics | | cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H'}


MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-04-22T23:16:41.946Z

Reserved: 2026-04-13T04:23:34.943Z

Link: CVE-2026-40448

Vulnrichment

Updated: 2026-04-22T13:10:28.106Z

NVD

Status: Awaiting Analysis

Published: 2026-04-22T07:16:12.500

Modified: 2026-04-22T21:23:52.620

Link: CVE-2026-40448

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T11:44:41Z

Weaknesses