CVE Catalog

CVE-2026-6685

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile — higher than 8% of all known CVEs

Summary

A vulnerability in FatFs R0.16 and earlier allows bypassing dirty-cache consistency checks via unsigned-subtraction wrap in f_read() and f_write() during interleaved read/write operations on fragmented filesystems.

Risk Assessment

An attacker with physical access can cause data corruption on the storage medium (e.g., SD card, USB drive) or complete loss of filesystem integrity, potentially leading to device failure or loss of critical information.

Recommendation

Update the FatFs library to a version newer than R0.16 if available. If no patch is available, restrict physical access to devices using this library and avoid interleaved read/write operations on fragmented filesystems.

Original NVD description (English source)

FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp->sect - sect < cc) during interleaved read/write on fragmented filesystems. This maps to CWE-191 (Integer Underflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (6.1, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS