Skip to main content

FatFs CVE-2026-6683

| EUVDEUVD-2026-40993 MEDIUM
Divide By Zero (CWE-369)
2026-07-01 runZero GHSA-74cg-p8q3-4c3q
4.6
CVSS 3.1 · Vendor: runZero
Share

Severity by source

Vendor (runZero) PRIMARY
4.6 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.6 MEDIUM

Physical media insertion required (AV:P); no credentials needed; crash-only impact yields A:H with C:N and I:N.

3.1 AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (runZero).

CVSS VectorVendor: runZero

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 01, 2026 - 14:55 vuln.today

DescriptionCVE.org

FatFs R0.16 and earlier contains a divide-by-zero in exFAT sync logic bug when crafted metadata causes n_fatent - 2 to be zero during write/sync operations. This maps to CWE-369 (Divide By Zero). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). Network-delivered update media can make this remote in some pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.

AnalysisAI

Divide-by-zero in FatFs R0.16 and earlier's exFAT sync logic crashes the filesystem when crafted volume metadata causes the expression n_fatent - 2 to evaluate to zero during write/sync operations, resulting in a hard fault or denial of service on the affected embedded device. The elm-chan FatFs library is widely bundled into microcontroller SDKs and IoT firmware, meaning the vulnerable code exists across a broad range of downstream products compiled with exFAT support. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft exFAT volume with n_fatent=2
Delivery
Deliver crafted media physically or via OTA pipeline
Exploit
Device mounts and initiates write/sync operation
Execution
Divide-by-zero triggered in sync logic
Impact
Filesystem crash causes device denial of service

Vulnerability AssessmentAI

Exploitation Exploitation requires the target system to be running FatFs R0.16 or earlier compiled with exFAT support enabled - FAT32/FAT16/FAT12-only builds are not affected by this code path. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 4.6 Medium correctly reflects the Physical attack vector (AV:P), constraining the standard exploitation path to an attacker who can insert a crafted storage medium into the target device. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts an exFAT volume image with the `n_fatent` field set to exactly 2 in the volume metadata, causing the sync logic's `n_fatent - 2` divisor to evaluate to zero. In the physical-vector case, the attacker inserts a USB drive or SD card containing this image into an affected embedded device; in deployments with network-accessible OTA update pipelines, the crafted image is delivered remotely. …
Remediation The primary fix is to upgrade to a patched FatFs release once published by ChaN; as of this analysis, no confirmed fixed release version is available from the referenced data - the upstream project page at https://elm-chan.org/fsw/ff/ must be monitored for a new release. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-6683 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy