Seven Bugs in FatFs Put IoT and Embedded Devices at Risk
ID: 6e3ae167-709f-5b57-bfa4-5d88d991abbe
STIX ID: report--6e3ae167-709f-5b57-bfa4-5d88d991abbe
Feed Name: Security Affairs
RunZero disclosed seven vulnerabilities in the FatFs embedded filesystem (including multiple CVEs rated Medium-to-High) that enable integer overflows, buffer and stack overflows, divide-by-zero crashes, information disclosure, and boot-time DoS across many IoT and embedded platforms. The flaws affect widely deployed platforms (ESP-IDF, STM32Cube, Zephyr, MicroPython, ArduPilot, etc.), threaten devices with limited memory protections (security cameras, ATMs, drones, firmware update paths), have public proof-of-concept artifacts and a QEMU exploit, and lack upstream fixes for most issues—creating significant remediation and supply-chain challenges.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
