MX500 SSD CVE-2024-42642 (Buffer Overflow)

Joined
Sep 11, 2013
Messages
120 (0.03/day)
I found a site that says that Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to a buffer overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller.


- https://www.cve.org/CVERecord?id=CVE-2024-42642
- https://github.com/VL4DR/CVE-2024-42642/tree/main
- https://nvd.nist.gov/vuln/detail/CVE-2024-42642

I write it here for discussion.
 
Joined
Jun 22, 2019
Messages
189 (0.09/day)
I wonder if this affects M3CR043 firmware? I have two of these drives: one has 043, which is my game drive; the other one was the OS drive, and it does have M3CR046 firmware. I switched it out since it was losing health rather fast; it's down to 94% since I bought it in February this year.
 
Joined
Jan 18, 2020
Messages
871 (0.48/day)
Didn't this drive have excessive write amplification issues?

Yes, on the earlier firmware and controller branch. There is an old thread on here somewhere for that.

What level of privilege do you need for this exploit?
 
Joined
Feb 10, 2023
Messages
856 (1.21/day)
I wouldn't lose any sleep over it. Someone has to know in advance which brand and type of SSD you have, and then get into your PC and SSD without you noticing. The chance of that is virtually nil. They will not so much target a home user.
Crucial will probably be working on an update. They use various components and controllers for the same cheap drive, and so they have many different firmware versions around. No idea if older SSDs are vulnerable and if Crucial will update them too.

The M3CR042 to M3CR045 firmware versions were known to let the computer just hang because the drive did not respond anymore after a very long power-on time. The M3CR046 firmware fixed that problem. In their own words:

M3CR046 is an optional update which repairs a hang condition occurring under corner-case workloads. Most Windows desktop and notebook users will be unaffected by this change.
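
An added example, not written by any poster in this thread: a Python sketch that reads `smartctl -i` text output and flags MX500 drives running the firmware named in the CVE text quoted in the first post. The sample output, the `MX500` model-string match and the status labels are assumptions; other firmware versions are reported only as not named, since the thread does not establish whether they are affected.

```python
# Firmware version named in the CVE-2024-42642 text quoted in the first post.
LISTED_FIRMWARE = {"M3CR046"}
SECTION_MARK = "=== START OF INFORMATION SECTION ==="

# Constructed sample: `smartctl -i` output for three drives, concatenated.
# Serial numbers and the third drive's values are made up for illustration.
SAMPLE = """\
=== START OF INFORMATION SECTION ===
Device Model:     CT500MX500SSD1
Serial Number:    0000EXAMPLE1
Firmware Version: M3CR046

=== START OF INFORMATION SECTION ===
Device Model:     CT1000MX500SSD1
Serial Number:    0000EXAMPLE2
Firmware Version: M3CR043

=== START OF INFORMATION SECTION ===
Device Model:     Samsung SSD 860 EVO 500GB
Serial Number:    0000EXAMPLE3
Firmware Version: RVT04B6Q
"""

def parse_drives(text):
    """Return (model, firmware) for each information section in the text."""
    drives = []
    for section in text.split(SECTION_MARK)[1:]:
        fields = {}
        for line in section.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        # Skip sections missing either field instead of guessing a value.
        if "Device Model" in fields and "Firmware Version" in fields:
            drives.append((fields["Device Model"], fields["Firmware Version"]))
    return drives

def classify(model, firmware):
    """'listed' = firmware named in the CVE text; 'unlisted' = status unknown."""
    if "MX500" not in model.upper():   # assumption: model string contains MX500
        return "not-mx500"
    return "listed" if firmware.upper() in LISTED_FIRMWARE else "unlisted"

def report(text):
    return [(m, f, classify(m, f)) for m, f in parse_drives(text)]

if __name__ == "__main__":
    for model, fw, status in report(SAMPLE):
        print(f"{model:28} {fw:10} {status}")
```

To check real drives, replace `SAMPLE` with the saved output of `smartctl -i` for each device.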
 