Seven FatFs bugs, one very large blast radius
ID: 4cc88d35-683e-5c4e-8e48-64d22e851a9c
STIX ID: report--4cc88d35-683e-5c4e-8e48-64d22e851a9c
Feed Name: runZero Blog
RunZero published a coordinated disclosure of seven FatFs vulnerabilities (multiple CVEs) affecting FAT/exFAT/GPT parsing used across many embedded ecosystems (Espressif ESP‑IDF, STMicroelectronics STM32Cube, Zephyr, MicroPython, ArduPilot, Mbed, and more). The flaws range from high-severity integer- and stack-overflows with RCE/heap/stack-corruption potential to medium-severity DoS and information-leak issues; the post warns downstream implementers to audit vendored copies, wrappers, and OTA/update handling and points to PoC images and a test harness in a companion repository.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
