Description
FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp->sect - sect < cc) during interleaved read/write on fragmented filesystems. This maps to CWE-191 (Integer Underflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (6.1, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.
Published: 2026-07-01
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an integer underflow caused by an unsigned subtraction wrap in the stale dirty-cache skip condition within f_read() / f_write() in FatFs R0.16 and earlier. This flaw allows an attacker who can influence the sector calculation to trigger the cache flush bypass, potentially leading to data corruption and loss. The flaw is classified as CWE‑191 (Integer Underflow).

Affected Systems

The affected library is the FatFs file system implementation by ChaN, versions R0.16 and earlier. No specific application vendors are listed, but any embedded system or device that integrates this library and performs interleaved read/write operations on fragmented file systems is potentially vulnerable.

Risk and Exploitability

The CVSS v3.1 score is 6.1 (Medium), with an attack vector of Physical, low attack complexity, and no user interaction. Integrity and availability impacts are rated High. No EPSS score is available, and the flaw is not listed in CISA KEV. A proof‑of‑concept has been demonstrated, and the technical impact is described as total. Consequently, the risk is moderate but can be significant in environments where data integrity is critical.

Generated by OpenCVE AI on July 1, 2026 at 21:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and apply the latest FatFs release or patch from ChaN that fixes the unsigned subtraction underflow in f_read() / f_write().
  • If a patch is not yet available, modify the FatFs source to add an explicit lower bound check on the sector calculation before writing the dirty cache, preventing the wrap‑around effect.
  • As a temporary workaround, avoid concurrent f_read() and f_write() calls on fragmented file systems or serialize such operations using file locking or similar mechanisms.


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Description: FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp->sect - sect < cc) during interleaved read/write on fragmented filesystems. This maps to CWE-191 (Integer Underflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (6.1, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.
Title: FatFs Integer Underflow in Dirty-Sector Cache Flush
Weaknesses: CWE-191
References
Metrics: cvssV3_1 {'score': 6.1, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: runZero

Published:

Updated: 2026-07-01T15:26:37.612Z

Reserved: 2026-04-20T15:06:21.250Z

Link: CVE-2026-6685

Vulnrichment

Updated: 2026-07-01T15:26:33.909Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T21:15:05Z

Weaknesses
  • CWE-191: Integer Underflow (Wrap or Wraparound)