Impact
The vulnerability is an integer underflow caused by an unsigned subtraction wrap in the stale dirty-cache skip condition within f_read() / f_write() in FatFs R0.16 and earlier. This flaw allows an attacker who can influence the sector calculation to trigger the cache flush bypass, potentially leading to data corruption and loss. The flaw is classified as CWE‑191 (Integer Underflow).
Affected Systems
The affected library is the FatFs file system implementation by ChaN, versions R0.16 and earlier. No specific application vendors are listed, but any embedded system or device that integrates this library and performs interleaved read/write operations on fragmented file systems is potentially vulnerable.
Risk and Exploitability
The CVSS v3.1 score is 6.1, with an attack vector of Physical, low attack complexity, and no user interaction required. The vulnerability is rated medium, with high impact on integrity and availability. No EPSS score is available, and the flaw is not listed in CISA KEV. A proof‑of‑concept has been demonstrated, and the technical impact is described as total. Consequently, the risk is moderate but can be significant in environments where data integrity is critical.