Description
Missing bounds validation for operator could allow out of range operator-code lookup during model loading
Affected version is prior to commit 1.30.0.
Published: 2026-04-22
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from a missing bounds check in the operator lookup logic used when loading model files in Samsung Open Source:ONE. If an attacker supplies a model file containing an operator index outside the valid range, the program may read memory beyond the intended array boundaries. This out‑of‑bounds access can lead to memory corruption, potentially allowing the attacker to execute arbitrary code or cause a denial of service. The weakness corresponds to CWE‑129, indicating a signed integer overflow or out‑of‑range index issue. Based on the description, it is inferred that an attacker can supply a malicious model file to trigger the flaw during the loading process.

Affected Systems

The affected product is Samsung Open Source:ONE. Versions prior to commit 1.30.0 are vulnerable. No specific sub‑product names are provided, so all releases of the framework before that commit are impacted.

Risk and Exploitability

The CVSS v3 score is 5.5, indicating a medium severity vulnerability. No EPSS data is available, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector is local execution of a crafted model during the loading process; no network exposure is described, so exploitation requires an attacker that can influence the model loading operation. Given the moderate CVSS score and lack of exploitation evidence, the overall risk is medium, but the potential impact of arbitrary code execution warrants prompt attention.

Generated by OpenCVE AI on April 22, 2026 at 07:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Samsung Open Source:ONE to commit 1.30.0 or newer to apply the missing bounds check.
  • If upgrading is not immediately possible, avoid loading untrusted or externally supplied model files until a fix is deployed.
  • Monitor Samsung's release notes and apply any subsequent patch as soon as it becomes available.

Generated by OpenCVE AI on April 22, 2026 at 07:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://github.com/Samsung/ONE/pull/16481 cve-icon cve-icon
History

Wed, 22 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Samsung Open Source
Samsung Open Source one
Vendors & Products Samsung Open Source
Samsung Open Source one

Wed, 22 Apr 2026 07:45:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Operator-Code Lookup During Model Loading in Samsung ONE

Wed, 22 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0.
Weaknesses CWE-129
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Samsung Open Source One
cve-icon MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-04-22T12:29:22.002Z

Reserved: 2026-04-22T06:03:55.371Z

Link: CVE-2026-6840

cve-icon Vulnrichment

Updated: 2026-04-22T12:29:17.238Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-22T07:16:15.067

Modified: 2026-04-22T21:23:52.620

Link: CVE-2026-6840

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T11:44:32Z

Weaknesses