Vulnerability Details CVE-2026-6685
FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp->sect - sect < cc) during interleaved read/write on fragmented filesystems. This maps to CWE-191 (Integer Underflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (6.1, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 10.6%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2026-6685
-
cpe:2.3:a:elm-chan:fatfs:r0.07a
-
cpe:2.3:a:elm-chan:fatfs:r0.07c
-
cpe:2.3:a:elm-chan:fatfs:r0.07e
-
cpe:2.3:a:elm-chan:fatfs:r0.08
-
cpe:2.3:a:elm-chan:fatfs:r0.08a
-
cpe:2.3:a:elm-chan:fatfs:r0.08b
-
cpe:2.3:a:elm-chan:fatfs:r0.09
-
cpe:2.3:a:elm-chan:fatfs:r0.09a
-
cpe:2.3:a:elm-chan:fatfs:r0.09b
-
cpe:2.3:a:elm-chan:fatfs:r0.10
-
cpe:2.3:a:elm-chan:fatfs:r0.10a
-
cpe:2.3:a:elm-chan:fatfs:r0.10b
-
cpe:2.3:a:elm-chan:fatfs:r0.10c
-
cpe:2.3:a:elm-chan:fatfs:r0.11
-
cpe:2.3:a:elm-chan:fatfs:r0.11a
-
cpe:2.3:a:elm-chan:fatfs:r0.12
-
cpe:2.3:a:elm-chan:fatfs:r0.12a
-
cpe:2.3:a:elm-chan:fatfs:r0.12b
-
cpe:2.3:a:elm-chan:fatfs:r0.12c
-
cpe:2.3:a:elm-chan:fatfs:r0.13
-
cpe:2.3:a:elm-chan:fatfs:r0.13a
-
cpe:2.3:a:elm-chan:fatfs:r0.13b
-
cpe:2.3:a:elm-chan:fatfs:r0.13c
-
cpe:2.3:a:elm-chan:fatfs:r0.14
-
cpe:2.3:a:elm-chan:fatfs:r0.14a
-
cpe:2.3:a:elm-chan:fatfs:r0.14b
-
cpe:2.3:a:elm-chan:fatfs:r0.15
-
cpe:2.3:a:elm-chan:fatfs:r0.15a
-
cpe:2.3:a:elm-chan:fatfs:r0.15b
-
cpe:2.3:a:elm-chan:fatfs:r0.16