Description
NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation.

This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.
Published: 2026-05-19
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a null pointer dereference that allows pointer manipulation in the Samsung Open Source Walrus project. This flaw can corrupt memory and potentially lead to application crashes or unintended code execution. The weakness corresponds to CWE‑476, indicating improper handling of null pointers. The impact is restricted to the process that uses Walrus, but if an attacker can trigger the fault, the entire application could be compromised.

Affected Systems

Walrus is part of Samsung's open‑source offering. The defective code is present in commit f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9. Any builds derived from that commit are affected. Current releases that have applied the fix are not impacted.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate risk. The EPSS score is not available, so the likelihood of exploitation is unclear. The vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly documented; based on the description, the vulnerability is triggered when a null pointer is dereferenced, which suggests that reaching it requires either local code execution or an external input that leads to the fault. Without additional privileges or authentication bypass, exploitation would likely result in a denial of service, though the potential for code execution exists if the misuse of the pointer is exploited.

Generated by OpenCVE AI on May 19, 2026 at 07:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Walrus to the latest commit that includes the fix, as referenced in https://github.com/Samsung/walrus/pull/409
  • If an update is not immediately available, apply the patch changes from the pull request manually or cherry-pick the commit that resolves the null pointer dereference
  • Restrict the privileges of the Walrus process and isolate it from untrusted input to limit the impact of a potential fault
  • As a supplementary measure, add defensive checks in code that interfaces with Walrus to ensure pointers are non‑null before use

Advisories

No advisories yet.

History

Tue, 19 May 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Samsung Open Source; Samsung Open Source walrus |
| Vendors & Products | | Samsung Open Source; Samsung Open Source walrus |

Tue, 19 May 2026 07:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Null Pointer Dereference in Samsung Walrus Open Source Project |

Tue, 19 May 2026 05:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9. |
| Weaknesses | | CWE-476 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'} |


MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-05-19T04:17:49.970Z

Reserved: 2026-05-19T02:40:40.159Z

Link: CVE-2026-47308

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-19T05:16:25.490

Modified: 2026-05-19T05:16:25.490

Link: CVE-2026-47308

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T08:18:31Z

Weaknesses