CVE-2026-6684
Status: Received - Intake

FatFs R0.16 GPT Scanning Unbounded Loop Vulnerability

Vulnerability report for CVE-2026-6684, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: 44488dab-36db-4358-99f9-bc116477f914

Description

FatFs versions prior to R0.16 that are built with GPT scanning enabled ('FF_LBA64 = 1') contain an issue in which the number of partition-table entries scanned at mount time is taken unchecked from the GPT header field GPTH_PtNum. A crafted header can therefore force an extremely long or effectively infinite mount-time scan. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.


Meta Information

Published: 2026-07-01
Last Modified: 2026-07-01
Generated: 2026-07-01
AI Q&A: 2026-07-01
EPSS Evaluated: N/A
External references: NVD, EUVD

Affected Vendors & Products

Showing 2 associated CPEs

Vendor   | Product | Version / Range
elm-chan | fatfs   | up to 0.16 (exclusive)
chan     | fatfs   | up to R0.16 (exclusive)

Exploitability

CWE ID  | Description
CWE-835 | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.


Executive Summary

CVE-2026-6684 is a denial-of-service vulnerability in ChaN's FatFs library versions prior to R0.16 when using GPT partition scanning with FF_LBA64 enabled.

The partition-table scan performed at mount time iterates once per entry announced by the GPT header field GPTH_PtNum, and the affected versions do not bound that count. A crafted header that sets GPTH_PtNum to an extremely high value (0xFFFFFFFF) therefore makes the scan run for an extremely long, effectively unbounded, time.

The result is a hang at mount time, or a boot failure when the filesystem is mounted during startup, and a device without a watchdog timer has no automatic way to recover.

The issue corresponds to CWE-835 (Loop with Unreachable Exit Condition) and has a CVSS v3.1 base score of 4.6 (Medium severity).

Impact Analysis

This vulnerability can cause denial of service by making the system enter an extremely long or infinite loop during the mounting of GPT partitions.

As a result, devices using affected versions of FatFs with GPT scanning enabled may experience boot failures or service disruptions.

This is particularly problematic for embedded or watchdog-less systems where the device may become unresponsive without automatic recovery.

Detection Guidance

Exposure can be determined from the build: a system is affected if it links ChaN's FatFs prior to R0.16 with FF_LBA64 set to 1, which enables 64-bit LBA and GPT partition scanning.

A crafted trigger can be recognised in the medium itself: the GPT header at LBA 1 carries the entry count at byte offset 80 (GPTH_PtNum), and ordinary disks announce 128 entries. A count far above that, such as 0xFFFFFFFF, indicates a crafted or corrupt header and should be treated as one.

No specific detection commands are provided in the available resources, but mount operations that take unusually long, or that never return while the GPT partition table is being scanned, are consistent with exploitation.
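The following C program is an added example written for this page, not code from FatFs or from the advisory. It gives concrete form to the loop described in the executive summary and to the header check suggested in the detection guidance: it builds a constructed primary GPT header sector, computes how many sectors a scan that trusts GPTH_PtNum would walk, and contrasts that with a parse that validates the header and bounds the entry count before any loop runs. Field offsets follow the UEFI GPT header layout; the constructed header bytes, the 1024-entry policy cap and all function names are this example's own assumptions.

```c
/* gpt_ptnum_check.c -- added example, not FatFs code.
 * Demonstrates the hazard behind CVE-2026-6684 (an entry count taken
 * unchecked from GPTH_PtNum) and a bounded parse of the GPT header.
 * Build: cc -std=c99 -Wall gpt_ptnum_check.c -o gpt_ptnum_check
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SS            512u   /* sector size assumed by this example */
#define SZ_GPTE       128u   /* size of one GPT partition entry (UEFI) */
#define GPTH_SIZE_MIN 92u    /* UEFI: header is at least 92 bytes */
#define PTNUM_CAP     1024u  /* policy cap on entries we will scan (this example's choice) */

/* UEFI GPT header field offsets within LBA 1 */
enum { OFS_SIGN = 0, OFS_REV = 8, OFS_HSIZE = 12, OFS_HCRC = 16, OFS_CURLBA = 24,
       OFS_BAKLBA = 32, OFS_FSTLBA = 40, OFS_LSTLBA = 48, OFS_PTOFS = 72,
       OFS_PTNUM = 80, OFS_PTESIZE = 84, OFS_PTCRC = 88 };

typedef enum { GPT_OK = 0, GPT_ERR_SIGN, GPT_ERR_HSIZE, GPT_ERR_CRC,
               GPT_ERR_PTESIZE, GPT_ERR_PTNUM, GPT_ERR_TABLE_RANGE } gpt_status;

/* Little-endian field accessors. */
static uint32_t ld32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t ld64(const uint8_t *p) { return (uint64_t)ld32(p) | (uint64_t)ld32(p + 4) << 32; }
static void st32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static void st64(uint8_t *p, uint64_t v) { st32(p, (uint32_t)v); st32(p + 4, (uint32_t)(v >> 32)); }

/* Bitwise CRC-32 (IEEE, reflected, polynomial 0xEDB88320), the variant GPT uses. */
static uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Distinct sectors a loop of the shape
 *   for (i = 0; i < PtNum; i++) read_sector(PtOfs + i * SZ_GPTE / SS);
 * walks when PtNum is trusted. For PtNum = 0xFFFFFFFF that is 1073741823 sectors. */
uint64_t unbounded_scan_sector_reads(const uint8_t *hdr) {
    return (uint64_t)ld32(hdr + OFS_PTNUM) * SZ_GPTE / SS;
}

/* Validate the header and derive a bounded entry count before any scan loop.
 * total_lba is the device size in sectors, as reported by the block driver. */
gpt_status gpt_entry_count_checked(const uint8_t *hdr, uint64_t total_lba, uint32_t *n_out) {
    if (memcmp(hdr + OFS_SIGN, "EFI PART", 8) != 0) return GPT_ERR_SIGN;
    uint32_t hsize = ld32(hdr + OFS_HSIZE);
    if (hsize < GPTH_SIZE_MIN || hsize > SS) return GPT_ERR_HSIZE;
    /* Header CRC is computed with the CRC field zeroed. An attacker who crafts
     * PtNum simply recomputes it, so this catches corruption, not malice. */
    uint8_t tmp[SS];
    memcpy(tmp, hdr, hsize);
    memset(tmp + OFS_HCRC, 0, 4);
    if (crc32_buf(tmp, hsize) != ld32(hdr + OFS_HCRC)) return GPT_ERR_CRC;
    if (ld32(hdr + OFS_PTESIZE) != SZ_GPTE) return GPT_ERR_PTESIZE;
    uint32_t n = ld32(hdr + OFS_PTNUM);
    if (n == 0 || n > PTNUM_CAP) return GPT_ERR_PTNUM;          /* the missing bound */
    /* The table must fit between the header and the first usable LBA, on the device. */
    uint64_t pt_ofs = ld64(hdr + OFS_PTOFS), fst_lba = ld64(hdr + OFS_FSTLBA);
    uint64_t table_sectors = ((uint64_t)n * SZ_GPTE + SS - 1) / SS;
    if (pt_ofs < 2 || fst_lba < pt_ofs || table_sectors > fst_lba - pt_ofs || fst_lba > total_lba)
        return GPT_ERR_TABLE_RANGE;
    *n_out = n;
    return GPT_OK;
}

/* Build a constructed primary GPT header sector (not taken from a real disk). */
void build_gpt_header(uint8_t hdr[SS], uint32_t pt_num, uint32_t pte_size, uint64_t pt_ofs, uint64_t fst_lba) {
    memset(hdr, 0, SS);
    memcpy(hdr + OFS_SIGN, "EFI PART", 8);
    st32(hdr + OFS_REV, 0x00010000u);                 /* revision 1.0 */
    st32(hdr + OFS_HSIZE, GPTH_SIZE_MIN);
    st64(hdr + OFS_CURLBA, 1);
    st64(hdr + OFS_FSTLBA, fst_lba);
    st64(hdr + OFS_PTOFS, pt_ofs);
    st32(hdr + OFS_PTNUM, pt_num);
    st32(hdr + OFS_PTESIZE, pte_size);
    st32(hdr + OFS_HCRC, crc32_buf(hdr, GPTH_SIZE_MIN)); /* CRC field is still zero here */
}

int main(void) {
    uint8_t hdr[SS];
    uint32_t n = 0;
    build_gpt_header(hdr, 128, SZ_GPTE, 2, 34);          /* ordinary 128-entry layout */
    printf("sane header:    status=%d entries=%u\n", gpt_entry_count_checked(hdr, 1000000, &n), n);
    build_gpt_header(hdr, 0xFFFFFFFFu, SZ_GPTE, 2, 34);  /* crafted PtNum as in the advisory */
    printf("crafted header: status=%d, unbounded scan would walk %llu sectors\n",
           gpt_entry_count_checked(hdr, 1000000, &n), (unsigned long long)unbounded_scan_sector_reads(hdr));
    return 0;
}
```

The CRC check is kept deliberately: it is the check a reader might expect to stop this, and it does not, because whoever writes GPTH_PtNum also writes the header CRC. The bound that matters is the combination of an absolute cap and the requirement that the announced table actually fits between the header and the first usable LBA; both are evaluated before the scan loop starts, so a hostile header is rejected in constant time.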

Mitigation Strategies

Update FatFs to R0.16 or later, where the issue is resolved.

Where an upgrade is not yet possible, do not ship FatFs versions prior to R0.16 with GPT scanning enabled. If the application does not need 64-bit LBA or GPT media, build with FF_LBA64 set to 0, which removes the affected GPT scan entirely; otherwise avoid mounting removable or otherwise attacker-writable media on affected builds.

Independently of the library fix, enable a hardware watchdog or an equivalent system-level supervisor so that a device stuck in a mount-time scan is reset rather than left unresponsive.

Compliance Impact

The provided information does not specify any direct impact of CVE-2026-6684 on compliance with common standards and regulations such as GDPR or HIPAA.
