CVE-2026-6685
Received - Intake

Integer Underflow in FatFs File System

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: 44488dab-36db-4358-99f9-bc116477f914

Description

FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp->sect - sect < cc) during interleaved read/write on fragmented filesystems. This maps to CWE-191 (Integer Underflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (6.1, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.

Meta Information

Published: 2026-07-01
Last Modified: 2026-07-01
Generated: 2026-07-01
AI Q&A: 2026-07-01
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 3 associated CPEs
Vendor    Product  Version / Range
elm-chan  fatfs    0.16
chan      fatfs    to 0.16 (exc)
chan      fatfs    From 0.16 (inc)

CWE ID    Description
CWE-191   The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Executive Summary

CVE-2026-6685 is a medium-severity vulnerability in the FatFs file system library, specifically in versions R0.16 and earlier. It arises from an integer underflow caused by an unsigned-subtraction wrap in the dirty-cache handling logic within the f_read() and f_write() functions during interleaved read/write operations on fragmented FAT filesystems.

This underflow occurs when the calculation (fp->sect - sect < cc) wraps around, leading to stale dirty-cache data being skipped incorrectly. As a result, FatFs may perform out-of-bounds memory writes, causing silent data corruption that is difficult to detect.

The vulnerability affects embedded systems using FatFs, including IoT devices, industrial controllers, drones, and other platforms relying on FAT filesystems for critical data storage.

Impact Analysis

This vulnerability can lead to silent data corruption by writing stale cached data to incorrect memory locations during file read/write operations on fragmented FAT volumes.

On bare-metal systems without memory protection, this can cause silent memory corruption that may go unnoticed, potentially compromising the integrity of critical files such as logs or control instructions.

On systems with memory management units (MMUs), the out-of-bounds writes may trigger faults or crashes, leading to denial of service or system instability.

The attack requires control over the FAT volume layout and the ability to perform interleaved read/write operations, but natural fragmentation over time can also make exploitation possible without special preparation.

Detection Guidance

This vulnerability results in silent data corruption due to an integer underflow in FatFs during interleaved read/write operations on fragmented filesystems. Detection is challenging because the corruption is silent and may not produce obvious errors.

Detection involves monitoring for unexpected data corruption or crashes related to file I/O on FAT-formatted storage, especially on embedded or bare-metal systems using FatFs R0.16 or earlier.

Since the vulnerability is triggered by fragmented FAT volumes with non-sequential cluster layouts, one approach is to analyze the fragmentation state of FAT volumes and monitor file read/write operations for anomalies.
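One way to carry out the fragmentation analysis described above, as an added example that is not part of the CVE record or the FatFs project: a C routine that walks a cluster chain in an in-memory copy of a FAT32 table and counts contiguous runs, so files with non-sequential cluster layouts can be flagged for review. The function name, macro names and sample table are constructed for illustration, and reading the FAT from the device is assumed to happen elsewhere.

```c
#include <stdint.h>
#include <stdio.h>

#define FAT32_MASK 0x0FFFFFFFu  /* top 4 bits of a FAT32 entry are reserved */
#define FAT32_BAD  0x0FFFFFF7u  /* bad-cluster marker */
#define FAT32_EOC  0x0FFFFFF8u  /* values >= this terminate a chain */

/* Walk one cluster chain in an in-memory FAT32 table (hypothetical helper).
 * Returns the number of contiguous runs (1 = unfragmented, >1 = fragmented),
 * or -1 if the chain is corrupt (free/bad/out-of-range link, or a loop). */
int chain_fragments(const uint32_t *fat, uint32_t n_entries, uint32_t start)
{
    uint32_t cur = start, steps = 0;
    int runs = 1;

    if (start < 2 || start >= n_entries) return -1;  /* clusters begin at 2 */
    for (;;) {
        uint32_t next = fat[cur] & FAT32_MASK;
        if (next >= FAT32_EOC) return runs;          /* end of chain */
        if (next < 2 || next == FAT32_BAD || next >= n_entries) return -1;
        if (++steps >= n_entries) return -1;         /* cycle guard */
        if (next != cur + 1) runs++;                 /* non-sequential hop */
        cur = next;
    }
}

/* Constructed sample FAT: 10 entries, entries 0 and 1 are reserved. */
static const uint32_t sample_fat[10] = {
    0x0FFFFFF8, 0x0FFFFFFF,    /* reserved entries */
    3, 4, 0x0FFFFFFF,          /* file A: 2 -> 3 -> 4, contiguous */
    8,                         /* file B starts at 5 and jumps to 8 */
    0,                         /* cluster 6 is free */
    0x0FFFFFFF,                /* file B ends at cluster 7 */
    9, 7                       /* file B: 8 -> 9 -> 7 */
};

int main(void)
{
    printf("file A runs: %d\n", chain_fragments(sample_fat, 10, 2));
    printf("file B runs: %d\n", chain_fragments(sample_fat, 10, 5));
    return 0;
}
```

A result above 1 marks a file whose clusters are non-sequential, which is the layout the description associates with the faulty cache check.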

No specific detection commands are provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include avoiding the use of FatFs R0.16 and earlier versions in environments where fragmented FAT volumes are used, especially for critical data logging or control files.

If possible, update or patch the FatFs library to a version that addresses this integer underflow vulnerability.

As a temporary measure, reduce fragmentation on FAT volumes by defragmenting storage media or avoiding interleaved read/write operations on fragmented filesystems.

Monitor systems for signs of data corruption or crashes related to file I/O and consider implementing additional integrity checks on critical files.

Compliance Impact

CVE-2026-6685 causes silent data corruption due to stale dirty-cache handling in FatFs, which can impact the integrity and availability of data in embedded systems. This silent corruption risk poses challenges for environments that require strict data integrity and auditability, such as those governed by standards like GDPR and HIPAA.

While the vulnerability does not directly disclose sensitive data (no confidentiality impact), the integrity and availability impacts could lead to non-compliance with regulations that mandate accurate and reliable data handling, especially in control and data-logging environments.

Systems relying on FatFs for critical logs or control data may face compliance risks if corrupted data leads to incorrect processing or loss of audit trails required by these standards.
