Description
Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation.
Affected version is prior to commit 1.30.0.
Published: 2026-04-22
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Out-of-Bounds Access
Action: Apply Patch
AI Analysis

Impact

Integer overflow occurs during tensor copy size calculation in Samsung Open Source ONE, which can cause the program to read or write memory beyond the intended bounds during loop state propagation. This flaw falls under CWE‑190 and may lead to memory corruption, potentially allowing an attacker to disrupt system integrity or, in a worst‑case scenario, execute arbitrary code if the bounds violation can be leveraged to overwrite control data.

Affected Systems

Samsung Open Source ONE, all versions prior to commit 1.30.0. No higher‑level product names are provided in the CNA data, but the stated affected range covers every build before that commit.

Risk and Exploitability

The CVSS score of 6.6 indicates moderate severity, and the flaw is not listed in the CISA KEV catalog. EPSS is not available, so exploitation likelihood cannot be quantified. The attack vector is inferred: an attacker who can supply crafted tensor data triggers the overflow. The flaw does not require privileged access or network exposure, but would likely need local execution within the application, which matches the AV:L, PR:N and UI:R components of the CVSS vector. Successful exploitation could corrupt memory, crash the process, or provide a foothold for further compromise if additional vulnerabilities exist.

Generated by OpenCVE AI on April 22, 2026 at 07:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open Source ONE to commit 1.30.0 or later, which addresses the integer overflow in tensor copy size calculation.
  • If an immediate update is not possible, isolate the ONE process from untrusted tensor inputs and validate tensor sizes before copying to prevent out-of-bounds access.
  • Monitor the application for abnormal crashes or memory corruption events, and consider disabling or sandboxing tensor operations until the patch is applied.
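The size validation recommended above, as an added example that is not code from Samsung Open Source ONE or from the patch. The function names, the int32_t shape type and the byte-capacity parameters are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Unchecked pattern (illustrative only): 32-bit arithmetic wraps silently,
 * so a huge tensor can yield a small or zero byte count. */
static uint32_t naive_bytes(const int32_t *dims, size_t rank, uint32_t elem) {
    uint32_t n = elem;
    for (size_t i = 0; i < rank; i++) n *= (uint32_t)dims[i];
    return n;
}

/* Checked size: 0 on success, -1 on a negative dimension or overflow. */
static int tensor_bytes(const int32_t *dims, size_t rank, size_t elem,
                        size_t *out) {
    size_t n = elem;
    for (size_t i = 0; i < rank; i++) {
        if (dims[i] < 0) return -1;                /* malformed shape */
        size_t d = (size_t)dims[i];
        if (d != 0 && n > SIZE_MAX / d) return -1; /* n * d would wrap */
        n *= d;
    }
    *out = n;
    return 0;
}

/* Copy only when the size is valid and fits both buffers. */
static int tensor_copy(void *dst, size_t dst_cap,
                       const void *src, size_t src_cap,
                       const int32_t *dims, size_t rank, size_t elem) {
    size_t n;
    if (tensor_bytes(dims, rank, elem, &n) != 0) return -1;
    if (n > dst_cap || n > src_cap) return -1;
    memcpy(dst, src, n);
    return 0;
}

int main(void) {
    /* Constructed shape: 65536 x 65536 float32 elements. */
    const int32_t big[2] = {65536, 65536};
    unsigned char a[16] = {0}, b[16] = {0};
    /* The naive size wraps to 0; the checked copy must refuse. */
    return (naive_bytes(big, 2, 4) == 0 &&
            tensor_copy(a, sizeof a, b, sizeof b, big, 2, 4) == -1) ? 0 : 1;
}
```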


Advisories

No advisories yet.

History

Wed, 22 Apr 2026 13:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 22 Apr 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Samsung Open Source; Samsung Open Source one |
| Vendors & Products | | Samsung Open Source; Samsung Open Source one |

Wed, 22 Apr 2026 07:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Integer Overflow in Tensor Copy Size Calculation Leading to Out‑of‑Bounds Access in Samsung Open Source ONE |

Wed, 22 Apr 2026 06:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version is prior to commit 1.30.0. |
| Weaknesses | | CWE-190 |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H'} |


MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-04-22T23:18:12.183Z

Reserved: 2026-04-22T00:52:02.298Z

Link: CVE-2026-41666

Vulnrichment

Updated: 2026-04-22T12:32:37.367Z

NVD

Status: Awaiting Analysis

Published: 2026-04-22T07:16:13.867

Modified: 2026-04-22T21:23:52.620

Link: CVE-2026-41666

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T11:44:35Z
