Skip to main content

Samsung ONE EUVD-2026-24629

| CVE-2026-6840 MEDIUM
Improper Validation of Array Index (CWE-129)
2026-04-22 samsung.tv_appliance GHSA-r68m-88g9-q2jq
Information Disclosure One
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Apr 22, 2026 - 06:49 vuln.today
EUVD ID Assigned
Apr 22, 2026 - 06:30 euvd
EUVD-2026-24629
Analysis Generated
Apr 22, 2026 - 06:30 vuln.today
CVE Published
Apr 22, 2026 - 06:08 nvd
MEDIUM 5.5

DescriptionCVE.org

Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0.

AnalysisAI

Denial of service via out-of-range operator-code lookup in Samsung ONE machine learning framework prior to version 1.30.0 allows local attackers with user interaction to crash the model loading process. Missing bounds validation during operator code indexing permits access to invalid memory locations, triggering application termination without authentication.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious model with invalid operator code
Delivery
Deliver to target user
Exploit
User loads model in ONE framework
Execution
Framework reads out-of-bounds operator metadata
Impact
Crash denial of service
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires that a user with legitimate access to the affected Samsung ONE framework actively load a model file. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 5.5 (Medium) indicates local attack vector with low complexity and no privilege requirements, but requires user interaction (UI:R) to load a malicious model file. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious neural network model file with an out-of-range operator code value. The attacker tricks a machine learning developer or researcher into loading the model in a Samsung ONE-based application for testing or evaluation. …
Remediation Upgrade to Samsung ONE version 1.30.0 or later to obtain the bounds validation fix. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-24629 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy