logo

Seven Bugs in FatFs Put IoT and Embedded Devices at Risk

ID: 6e3ae167-709f-5b57-bfa4-5d88d991abbe

STIX ID: report--6e3ae167-709f-5b57-bfa4-5d88d991abbe

Feed Name: Security Affairs

Threat Score
75/100

Date Published: 2026-07-06

Date Updated: 2026-07-06

Author: Pierluigi Paganini

...
...

RunZero disclosed seven vulnerabilities in the FatFs embedded filesystem (including multiple CVEs rated Medium-to-High) that enable integer overflows, buffer and stack overflows, divide-by-zero crashes, information disclosure, and boot-time DoS across many IoT and embedded platforms. The flaws affect widely deployed platforms (ESP-IDF, STM32Cube, Zephyr, MicroPython, ArduPilot, etc.), threaten devices with limited memory protections (security cameras, ATMs, drones, firmware update paths), have public proof-of-concept artifacts and a QEMU exploit, and lack upstream fixes for most issues—creating significant remediation and supply-chain challenges.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.