Samsung Open Source ONE CVE-2026-40450

EUVD-2026-24618 MEDIUM

Integer Overflow or Wraparound (CWE-190)

2026-04-22 samsung.tv_appliance

GHSA-85g4-fxfm-w35m

Buffer Overflow Integer Overflow Samsung

6.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 22, 2026 - 06:49 vuln.today

DescriptionNVD

Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected version is prior to commit 1.30.0.

AnalysisAI

Integer overflow in Samsung Open Source ONE's output tensor copy size calculation allows local attackers with user interaction to cause memory corruption and potential code execution through oversized tensor processing. The vulnerability affects versions prior to 1.30.0 and stems from improper integer arithmetic when computing copy lengths for tensor data, enabling an attacker to trigger buffer overflows by crafting malicious tensor inputs that bypass size validation.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-40450 vulnerability details – vuln.today

Back