This vulnerability involves an integer overflow (CWE-190) in the buffer size calculation logic of Samsung Open Source ONE before version 1.30.0. When processing large tensor data, the overflow can cause the program to calculate an incorrect buffer size, resulting in out-of-bounds memory access. This can lead to partial loss of confidentiality and integrity, and a high impact on availability. The CVSS v3.1 base score is 6.6 with vector AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H, indicating local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and low confidentiality and integrity impact but high availability impact. No patch or official fix information is provided in the available data.

The vulnerability can cause out-of-bounds memory access due to integer overflow in buffer size calculation, potentially leading to partial confidentiality and integrity loss and significant availability disruption. The CVSS score of 6.6 reflects a medium severity impact. There are no reports of exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the affected version is prior to 1.30.0, upgrading to version 1.30.0 or later may address the issue if confirmed by the vendor. Until an official fix is available, avoid processing untrusted large tensor inputs that could trigger the overflow.