This vulnerability involves an integer overflow (CWE-190) in the tensor allocation size calculation within Samsung Open Source ONE. When handling large tensors, the calculation may overflow, resulting in allocating less memory than required. This can lead to memory corruption or application instability. The affected versions are those prior to commit 1.30.0. The CVSS 3.1 vector indicates the attack requires local access with high attack complexity and user interaction, causing no confidentiality impact, low integrity impact, and high availability impact.

The integer overflow can cause insufficient memory allocation for large tensors, potentially leading to application crashes or denial of service conditions. There is no direct confidentiality or integrity compromise reported. The impact is primarily on availability due to possible application instability or failure when processing large tensors.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor Samsung Open Source ONE updates and apply any patches or updates addressing this issue once available. Until then, avoid processing unusually large tensors that might trigger the overflow.