An integer overflow in the buffer size calculation within Samsung Open Source ONE (versions prior to 1.30.0) can cause out-of-bounds memory access when processing large tensors. This vulnerability is classified under CWE-190 (Integer Overflow or Wraparound). The CVSS 3.1 base score is 6.6, reflecting a medium severity with local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and impacts on confidentiality, integrity, and availability (with availability impact rated high). No known exploits are reported in the wild, and no official patch or remediation level has been provided by the vendor as of the published date.

Successful exploitation could result in out-of-bounds memory access, potentially causing denial of service (high availability impact) and limited confidentiality and integrity impacts. The vulnerability requires local access and user interaction, limiting the attack surface. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the affected version is prior to 1.30.0, upgrading to version 1.30.0 or later may address the issue if the vendor has included a fix in that release. Until official guidance or patches are available, avoid processing untrusted large tensors with affected versions.