Description
Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors.
Affected version is prior to commit 1.30.0.
Published: 2026-04-22
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential memory corruption
Action: Patch or Update
AI Analysis

Impact

An integer overflow is present in the calculation of the tensor copy size during output tensor copying in Samsung Open Source:ONE. This flaw leads to an incorrect length being used when a tensor exceeds a certain size, allowing memory corruption through an oversized tensor. The vulnerability is classified as CWE-190, indicating a numeric safety flaw that can compromise data integrity.

Affected Systems

The issue affects deployments of Samsung Open Source:ONE that are built from any commit prior to 1.30.0. No specific product versions beyond this commit boundary are impacted, and the vulnerability is tied solely to the Samsung Open Source:ONE library.

Risk and Exploitability

The CVSS score of 6.6 places the bug in the Medium severity range, and the lack of an EPSS score or KEV listing suggests it is not widely exploited at this time. The vulnerability can only be triggered when a tensor of sufficient size is processed, implying that an attacker would require the ability to influence tensor inputs to the library. The resulting memory corruption could potentially lead to code execution or system instability, but an active exploitation path has not been documented.

Generated by OpenCVE AI on April 22, 2026 at 07:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Samsung Open Source:ONE to commit 1.30.0 or later
  • Implement validation checks on tensor sizes before invoking the library to prevent oversized inputs
  • Deploy runtime memory protection such as address sanitizers or bounds‑checking mechanisms to catch potential overflow attempts

Generated by OpenCVE AI on April 22, 2026 at 07:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://github.com/Samsung/ONE/pull/16481 cve-icon cve-icon
History

Wed, 22 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Samsung Open Source
Samsung Open Source one
Vendors & Products Samsung Open Source
Samsung Open Source one

Wed, 22 Apr 2026 07:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow Causing Memory Corruption in Samsung ONE Tensor Copy

Wed, 22 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected version is prior to commit 1.30.0.
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H'}

Subscriptions

Samsung Open Source One
cve-icon MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-04-22T23:17:24.314Z

Reserved: 2026-04-13T04:23:34.943Z

Link: CVE-2026-40450

cve-icon Vulnrichment

Updated: 2026-04-22T12:36:24.958Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-22T07:16:13.553

Modified: 2026-04-22T21:23:52.620

Link: CVE-2026-40450

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T11:44:39Z

Weaknesses