Crucial MX500 SSD with M3CR046 Firmware Vulnerable to Buffer Overflow

TapTechNews, September 13: According to the record (CVE-2024-42642) published on the CVE official website on the 4th of this month, local time, the Crucial MX500 solid-state drive running the M3CR046 firmware is vulnerable to a buffer overflow, which can be triggered by sending a specific ATA data packet from the host to the drive's main controller.

The GitHub page referenced by CVE-2024-42642 shows that the vulnerability is related to how the drive's main controller processes firmware updates.

The MX500 is Crucial's classic mid-to-high-end SATA 6Gbps solid-state drive. The model has gone through many component changes, but its main controllers have all come from a single supplier, Silicon Motion.

According to the MX500 firmware upgrade page on Crucial's English-language official website, the latest firmware version for this product is M3CR046.

The vulnerability has so far been verified on the 64-bit Ubuntu 22.04 Linux distribution using the standard Linux SCSI driver. It is not clear whether the same problem also occurs on other distributions or operating systems.
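For asset inventory, the following added example (not from the CVE record or the GitHub page) flags drives that report the model and firmware named above by reading `smartctl --json` identify data. It assumes smartmontools is installed and that an MX500 model string contains "MX500"; the sample reports are constructed.

```python
import json
import re
import subprocess

AFFECTED_FIRMWARE = "M3CR046"  # firmware version named in the CVE record above
MX500 = re.compile(r"MX500", re.IGNORECASE)  # assumption: model string contains "MX500"

def classify(report):
    """Classify one parsed `smartctl --json -i <dev>` report."""
    model = str(report.get("model_name", "")).strip()
    firmware = str(report.get("firmware_version", "")).strip().upper()
    if not model or not firmware:
        return "unknown"  # no identify data, e.g. behind some USB bridges
    if not MX500.search(model):
        return "not-mx500"
    return "affected" if firmware == AFFECTED_FIRMWARE else "mx500-other-firmware"

def smartctl_json(*args):
    # smartctl's exit status is a bit mask, so a non-zero code is not fatal here
    out = subprocess.run(["smartctl", "--json", *args],
                         capture_output=True, text=True).stdout
    return json.loads(out or "{}")

def scan_host():
    """Map every device smartctl can see to its classification (needs root)."""
    devices = smartctl_json("--scan").get("devices", [])
    return {d["name"]: classify(smartctl_json("-i", d["name"])) for d in devices}

# Constructed sample reports, trimmed to the two fields the check reads.
SAMPLES = {
    "/dev/sda": '{"model_name": "CT500MX500SSD1", "firmware_version": "M3CR046"}',
    "/dev/sdb": '{"model_name": "CT1000MX500SSD1", "firmware_version": "PLACEHOLDER"}',
    "/dev/sdc": '{"model_name": "ExampleDisk 1TB", "firmware_version": "1.0"}',
    "/dev/sdd": '{"smartctl": {"exit_status": 2}}',
}

def classify_samples():
    return {dev: classify(json.loads(raw)) for dev, raw in SAMPLES.items()}

if __name__ == "__main__":
    try:
        results = scan_host()
    except FileNotFoundError:  # smartctl not installed: fall back to the samples
        results = classify_samples()
    for dev, status in sorted(results.items()):
        print(f"{dev}: {status}")
```

Because the page gives no fixed firmware version, an MX500 on any other firmware is reported as `mx500-other-firmware` and not as safe.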

TapTechNews attaches the links to the CVE official website and the related GitHub page below:

https://www.cve.org/CVERecord?id=CVE-2024-42642

https://github.com/VL4DR/CVE-2024-42642/tree/main
