CVE-2026-6839
Received
Received - Intake
Out-of-Bounds Access in Samsung ONE STRING Tensor Import
Publication date: 2026-04-22
Last updated on: 2026-04-27
Assigner: Samsung TV & Appliance
Description
Description
Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE
Affected version is prior to commit 1.30.0.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | one | to 1.30.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper validation of STRING tensor offsets in Samsung Open Source ONE. Specifically, malformed string metadata can cause out of bounds access during the import of constant tensors.
How can this vulnerability impact me? :
The vulnerability can lead to out of bounds memory access which may result in denial of service or other impacts due to corrupted memory. According to the CVSS score, it has low confidentiality and integrity impact but a high impact on availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70