Unbounded Loop Vulnerability in FatFs by Elm-Chan
CVE-2026-6684
4.6 MEDIUM
What is CVE-2026-6684?
An unbounded loop vulnerability exists in FatFs versions prior to R0.16 when performing GPT scanning with 'FF_LBA64 = 1'. The loop count used during the scan is derived directly from the GPT header field GPTH_PtNum (the number of partition entries), so an oversized value in that field produces an excessive iteration count. This can cause lengthy or effectively infinite mount-time scans, disrupting system performance and potentially leading to denial-of-service conditions. Users should update to the latest version of FatFs (R0.16 or later) to mitigate this risk.
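The defensive pattern the description points at is to validate the header-derived count before using it as a loop bound. The following is an added illustration written for this page, not FatFs code and not the project's actual fix: it reads the standard GPT header fields (signature at offset 0, partition-entry-array LBA at 72, entry count at 80, entry size at 84, per the UEFI specification), rejects implausible values, and clamps the scan to a fixed ceiling (GPT_MAX_ENTRIES, an assumed value of 128, the minimum array size the specification reserves). The sample headers are constructed in memory, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* GPT header field offsets (UEFI specification, little-endian fields). */
#define GPTH_SIGN    0    /* "EFI PART", 8 bytes */
#define GPTH_PTOFS   72   /* Starting LBA of the partition entry array, u64 */
#define GPTH_PTNUM   80   /* Number of partition entries, u32 (GPTH_PtNum in the advisory) */
#define GPTH_PTESIZE 84   /* Size of one partition entry, u32 */

/* Assumed ceiling for the scan: the spec reserves at least 16 KiB for the array,
 * i.e. 128 entries of 128 bytes, and common tools never exceed that. */
#define GPT_MAX_ENTRIES 128u

typedef enum {
    GPT_OK = 0,
    GPT_BAD_SIGNATURE,
    GPT_BAD_ENTRY_SIZE,
    GPT_TOO_MANY_ENTRIES,
    GPT_BAD_ARRAY_LBA
} gpt_status;

static uint32_t ld_u32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint64_t ld_u64(const uint8_t *p)
{
    return (uint64_t)ld_u32(p) | ((uint64_t)ld_u32(p + 4) << 32);
}
static void st_u32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static void st_u64(uint8_t *p, uint64_t v)
{
    st_u32(p, (uint32_t)v); st_u32(p + 4, (uint32_t)(v >> 32));
}

/* Validate the header and return a loop bound that can never exceed GPT_MAX_ENTRIES.
 * disk_sectors lets the caller reject an array LBA that lies off the end of the device. */
gpt_status gpt_bounded_entry_count(const uint8_t *hdr, uint64_t disk_sectors, uint32_t *n_entries)
{
    if (memcmp(hdr + GPTH_SIGN, "EFI PART", 8) != 0) return GPT_BAD_SIGNATURE;

    uint32_t esz = ld_u32(hdr + GPTH_PTESIZE);
    /* Spec: entry size is 128 * 2^n, so it must be >= 128 and a power of two. */
    if (esz < 128u || (esz & (esz - 1u)) != 0u) return GPT_BAD_ENTRY_SIZE;

    uint32_t n = ld_u32(hdr + GPTH_PTNUM);
    /* This is the check that turns a header-controlled count into a bounded loop. */
    if (n == 0u || n > GPT_MAX_ENTRIES) return GPT_TOO_MANY_ENTRIES;

    uint64_t lba = ld_u64(hdr + GPTH_PTOFS);
    if (lba < 2u || lba >= disk_sectors) return GPT_BAD_ARRAY_LBA;

    *n_entries = n;
    return GPT_OK;
}

/* Count entries whose type GUID is non-zero, iterating at most n_entries times.
 * 'array' must hold n_entries * esz bytes that the caller actually read from disk. */
uint32_t gpt_count_used(const uint8_t *array, uint32_t n_entries, uint32_t esz)
{
    static const uint8_t zero_guid[16] = {0};
    uint32_t used = 0;
    for (uint32_t i = 0; i < n_entries; i++)   /* bound comes from the validated count only */
        if (memcmp(array + (size_t)i * esz, zero_guid, 16) != 0) used++;
    return used;
}

/* Build a constructed 512-byte GPT header for demonstration (not a real disk image). */
void make_header(uint8_t out[512], uint32_t ptnum, uint32_t esz, uint64_t ptofs)
{
    memset(out, 0, 512);
    memcpy(out + GPTH_SIGN, "EFI PART", 8);
    st_u64(out + GPTH_PTOFS, ptofs);
    st_u32(out + GPTH_PTNUM, ptnum);
    st_u32(out + GPTH_PTESIZE, esz);
}

int main(void)
{
    uint8_t hdr[512];
    uint32_t n = 0;

    make_header(hdr, 0xFFFFFFFFu, 128u, 2u);   /* oversized count: must be rejected, not looped over */
    printf("oversized count -> status %d\n", (int)gpt_bounded_entry_count(hdr, 1000u, &n));

    make_header(hdr, 128u, 128u, 2u);          /* well-formed header: scan bounded to 128 */
    printf("sane header -> status %d, entries %u\n", (int)gpt_bounded_entry_count(hdr, 1000u, &n), n);
    return 0;
}
```

The key point is that `gpt_count_used` never sees the raw header value: its bound is whatever `gpt_bounded_entry_count` accepted, so a corrupted or hostile GPTH_PtNum can cost at most GPT_MAX_ENTRIES iterations rather than billions. Choosing the ceiling is a policy decision; a firmware project that supports larger arrays would raise it, but it should stay a compile-time constant rather than a value read from the medium.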
Affected Version(s)
FatFs 0
References
CVSS V3.1
Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
HD Moore of runZero, Inc.
Tod Beardsley of runZero, Inc.
