Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Lifecycle Timeline
4DescriptionCVE.org
Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version is prior to commit 1.30.0.
AnalysisAI
Integer overflow in tensor copy size calculation within Samsung Open Source ONE enables out of bounds memory access during loop state propagation. Unauthenticated local attackers with user interaction can trigger the overflow to read sensitive data, modify memory, or cause denial of service on affected versions prior to 1.30.0. CVSS 6.6 indicates moderate severity with high availability impact.
Technical ContextAI
Samsung ONE is an open-source neural network framework. The vulnerability exists in tensor copy operations where integer overflow occurs during size calculation within loop state propagation logic. When an attacker supplies a crafted tensor with specially constructed dimensions, the size calculation overflows, resulting in a smaller-than-intended buffer allocation. Subsequent copy operations then write beyond the allocated buffer boundary. This is a classic CWE-190 (Integer Overflow or Wraparound) condition combined with insufficient bounds checking on the resulting pointer arithmetic.
RemediationAI
Upgrade to Samsung Open Source ONE version 1.30.0 or later, which includes the fix via GitHub pull request #16481. Developers integrating ONE should apply this patch immediately. As a temporary workaround pending upgrade, validate tensor dimensions and copy sizes before processing untrusted tensor inputs, and implement runtime bounds checking on buffer operations. Limit tensor processing to authenticated users where feasible, and sandbox tensor processing in memory-isolated containers to contain out-of-bounds access impact. Note that workarounds do not eliminate the root cause and should be treated as interim measures only.
Arbitrary file write as SYSTEM in Samsung MagicINFO 9 Server before version 21.1050 allows remote attackers to place att
Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_u
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an un
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat
Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart
The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long
The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i v
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary
Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24624
GHSA-9pfq-r2rw-3rwv