Description
Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes.
Affected version is prior to commit 1.30.0.
Published: 2026-04-22
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption
Action: Patch Update
AI Analysis

Impact

An integer overflow occurs in the calculation of the memory copy size in Samsung Open Source ONE. When tensor shapes are large, the overflow can lead to invalid memory operations, which may corrupt memory or cause a crash. The flaw is identified as CWE-190, an integer overflow vulnerability.

Affected Systems

Samsung Open Source ONE is affected in all releases prior to commit 1.30.0. Affected systems should verify the exact revision and compare it to the fixed commit.

Risk and Exploitability

The CVSS score of 6.6 indicates medium risk. EPSS is not available, and the vulnerability is not listed in CISA KEV. Exploitation would likely require control over input tensor shapes to trigger the overflow, making it a local or privileged threat that could cause denial of service or memory corruption.

Generated by OpenCVE AI on April 22, 2026 at 07:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Samsung Open Source ONE to commit 1.30.0 or later to apply the integer overflow fix.
  • If an update is not feasible, enforce bounds on tensor shape inputs before they are passed to memory copy functions to prevent overly large values from triggering the overflow.
  • Add defensive checks or monitoring for abnormal memory usage or crashes in applications that utilize ONE to detect potential exploitation attempts.

Generated by OpenCVE AI on April 22, 2026 at 07:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://github.com/Samsung/ONE/pull/16481 cve-icon cve-icon
History

Wed, 22 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Samsung Open Source
Samsung Open Source one
Vendors & Products Samsung Open Source
Samsung Open Source one

Wed, 22 Apr 2026 07:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Memory Copy Size Calculation Leading to Invalid Memory Operations in Samsung Open Source ONE

Wed, 22 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes. Affected version is prior to commit 1.30.0.
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H'}

Subscriptions

Samsung Open Source One
cve-icon MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-04-22T12:35:49.907Z

Reserved: 2026-04-22T00:52:02.298Z

Link: CVE-2026-41664

cve-icon Vulnrichment

Updated: 2026-04-22T12:35:36.977Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-22T07:16:13.657

Modified: 2026-04-22T21:23:52.620

Link: CVE-2026-41664

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T11:44:38Z

Weaknesses