Impact
FatFs versions earlier than R0.16 built with the FF_LBA64 flag set to 1 (which enables GPT partition scanning) contain an unbounded loop. During a mount operation the library reads the GPT header field GPTH_PtNum and uses that value as the counter for the partition-scanning loop. If GPTH_PtNum is extremely large or corrupted, the loop condition never becomes false, so the mount operation spins indefinitely and effectively freezes the file system. The flaw does not compromise confidentiality or integrity; the consequence is a denial of service that removes the availability of the file system and of any services that depend on it.
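The mitigation a firmware integrator would want is a bound on the entry count before the scan loop ever runs. The following is an added example, not FatFs's own code: it parses the GPT header fields using the offsets from the UEFI specification (the macro names, the 128-entry policy cap and the helper functions are assumptions of this example) and rejects a header whose entry count is zero, exceeds the cap, or would place the partition table beyond the end of the medium.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Field offsets from the UEFI GPT header layout (spec offsets; the macro
 * names are this example's own, not FatFs's). */
#define GPT_SIG_OFS     0   /* 8-byte "EFI PART" signature              */
#define GPT_PT_OFS     72   /* LBA of the first partition entry, 8 bytes */
#define GPT_PT_NUM     80   /* number of partition entries, 4 bytes      */
#define GPT_PTE_SIZE   84   /* size of one partition entry, 4 bytes      */
#define SECTOR_SIZE   512
#define GPT_MAX_ENTRIES 128 /* assumed policy cap: the 16 KiB table (128 x 128 B)
                             * that the UEFI spec requires implementations to support */

static uint32_t ld32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint64_t ld64(const uint8_t *p) { return (uint64_t)ld32(p) | ((uint64_t)ld32(p + 4) << 32); }
static void st32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static void st64(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Returns the number of entries a scan loop may visit, or 0 when the header
 * must be rejected so the mount fails cleanly instead of looping forever. */
uint32_t gpt_bounded_entry_count(const uint8_t *hdr, uint64_t disk_sectors)
{
    if (memcmp(hdr + GPT_SIG_OFS, "EFI PART", 8) != 0) return 0;
    uint32_t pt_num   = ld32(hdr + GPT_PT_NUM);
    uint32_t pte_size = ld32(hdr + GPT_PTE_SIZE);
    uint64_t pt_lba   = ld64(hdr + GPT_PT_OFS);
    /* Entry size must be a power of two of at least 128 bytes (UEFI spec). */
    if (pte_size < 128 || (pte_size & (pte_size - 1)) != 0) return 0;
    /* Hard cap on the loop counter: an oversized or corrupted count never reaches a loop. */
    if (pt_num == 0 || pt_num > GPT_MAX_ENTRIES) return 0;
    /* The whole entry table must also fit on the medium behind pt_lba. */
    uint64_t sectors_needed = ((uint64_t)pt_num * pte_size + SECTOR_SIZE - 1) / SECTOR_SIZE;
    if (pt_lba >= disk_sectors || sectors_needed > disk_sectors - pt_lba) return 0;
    return pt_num;
}

/* Builds a constructed 512-byte GPT header with the given field values. */
void make_gpt_header(uint8_t hdr[SECTOR_SIZE], uint32_t pt_num, uint32_t pte_size, uint64_t pt_lba)
{
    memset(hdr, 0, SECTOR_SIZE);
    memcpy(hdr + GPT_SIG_OFS, "EFI PART", 8);
    st64(hdr + GPT_PT_OFS, pt_lba);
    st32(hdr + GPT_PT_NUM, pt_num);
    st32(hdr + GPT_PTE_SIZE, pte_size);
}

/* Builds a constructed header and validates it in one call. */
uint32_t check_constructed_header(uint32_t pt_num, uint32_t pte_size, uint64_t pt_lba, uint64_t disk_sectors)
{
    uint8_t hdr[SECTOR_SIZE];
    make_gpt_header(hdr, pt_num, pte_size, pt_lba);
    return gpt_bounded_entry_count(hdr, disk_sectors);
}
```

A corrupted header carrying GPTH_PtNum = 0xFFFFFFFF is rejected by the cap check and the mount returns an error rather than hanging.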
Affected Systems
Embedded devices or firmware that incorporate the ChaN FatFs library compiled with FF_LBA64 support prior to release R0.16 are vulnerable. This includes a broad range of IoT hardware, automotive infotainment controllers, and other firmware that relies on FatFs to handle removable storage. Any system that mounts storage devices containing GPT partition tables while using a pre-R0.16 FatFs build would be susceptible.
Risk and Exploitability
The CVSS v3.1 score of 4.6 classifies the weakness as Medium severity, with a High availability impact. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no confirmed exploitation. Based on the description, the likely attack vector is an attacker supplying a storage device with a crafted GPT header. This could be done locally by plugging in a malicious USB device, or remotely if the system mounts network-shared disks. The exploit requires minimal effort once such a device is accessible, but the impact is limited to a temporary denial of service until the system is rebooted or the mount operation is interrupted.
OpenCVE Enrichment