Description
Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors.
Affected version is prior to commit 1.30.0.
Published: 2026-04-22
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service due to integer overflow in memory initialization
Action: Immediate Patch
AI Analysis

Impact

This vulnerability is an integer overflow that occurs while calculating the scratch buffer size during initialization in Samsung Open Source ONE. The overflow causes incorrect memory initialization when the program handles large intermediate tensors, which can lead to memory corruption and potentially a crash of the running application.

Affected Systems

Samsung Open Source ONE, any installation that uses versions prior to commit 1.30.0. The exact vendors and product names are Samsung Open Source ONE; affected releases are all builds before the introduction of commit 1.30.0 in the repository.

Risk and Exploitability

With a CVSS score of 6.1 the problem is considered medium severity. No EPSS score is available, and the vulnerability is not listed in CISA KEV. The likely attack vector is that an attacker can supply or influence large intermediate tensors—either locally or remotely if the library is exposed in a user‑controlled context—to trigger the integer overflow, resulting in memory corruption that may cause a denial of service or, in worst cases, arbitrary code execution if the corrupted memory affects control data.

Generated by OpenCVE AI on April 22, 2026 at 07:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Samsung Open Source ONE to commit 1.30.0 or later when the integer overflow is fixed
  • If an upgrade is not possible, ensure that tensor sizes are validated and restricted so that the scratch buffer size calculation does not exceed integer limits
  • Monitor system stability and logs for abnormal crashes or memory corruption events that could indicate an exploitation attempt

Generated by OpenCVE AI on April 22, 2026 at 07:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://github.com/Samsung/ONE/pull/16481 cve-icon cve-icon
History

Wed, 22 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Samsung Open Source
Samsung Open Source one
Vendors & Products Samsung Open Source
Samsung Open Source one

Wed, 22 Apr 2026 07:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Scratch Buffer Initialization Causes Incorrect Memory Initialization

Wed, 22 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors. Affected version is prior to commit 1.30.0.
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H'}

Subscriptions

Samsung Open Source One
cve-icon MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-04-22T23:17:56.785Z

Reserved: 2026-04-22T00:52:02.298Z

Link: CVE-2026-41665

cve-icon Vulnrichment

Updated: 2026-04-22T12:34:34.838Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-22T07:16:13.763

Modified: 2026-04-22T21:23:52.620

Link: CVE-2026-41665

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T11:44:36Z

Weaknesses