
MX500 SSD CVE-2024-42642 (Buffer Overflow)

I found a site that says that Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to a buffer overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller.


- https://www.cve.org/CVERecord?id=CVE-2024-42642
- https://github.com/VL4DR/CVE-2024-42642/tree/main
- https://nvd.nist.gov/vuln/detail/CVE-2024-42642

I'm posting it here for discussion.
 
I wonder if this affects M3CR043 firmware? I have two of these drives. One has 043, which is my game drive. The other one was the OS drive; it does have M3CR046 firmware. I switched it out since it was losing health rather fast: it's down to 94% since I bought it in February this year.
 
Didn't this drive have excessive write amplification issues?

Yes on the earlier firmware and controller branch. Old thread on here somewhere for that.

What level of privilege do you need for this exploit?
 
I wouldn't lose any sleep over it. Someone has to know in advance which brand and type of SSD you have, and then get into your PC and SSD without you noticing. The chance of that is virtually nil. They will not so much target a home user.
Crucial will probably be working on an update. They use various components and controllers for the same cheap drive and so they have many different firmware versions around. No idea if older SSDs are vulnerable and if Crucial will update them too.

The M3CR042 to M3CR045 firmware versions were known to let the computer just hang up because the drive did not respond anymore after a very long power-on time. The M3CR046 firmware fixed that problem. In their own words:

M3CR046 is an optional update which repairs a hang condition occurring under corner-case workloads. Most Windows desktop and notebook users will be unaffected by this change.
 
I see a new firmware, M3CR047, in the Crucial tool.
 
The M3CR047 firmware just fixes this flaw, but it's nothing to lose sleep over... As said, the attacker needs to know in advance what SSD type and brand you have, which is very unlikely to happen with home users... And he also needs to crack your computer before he can do this.

 

mcwong

I wouldn't lose any sleep over it. Someone has to know in advance which brand and type of SSD you have, and then get into your PC and SSD without you noticing. The chance of that is virtually nil. They will not so much target a home user.
Crucial will probably be working on an update. They use various components and controllers for the same cheap drive and so they have many different firmware versions around. No idea if older SSDs are vulnerable and if Crucial will update them too.

The M3CR042 to M3CR045 firmware versions were known to let the computer just hang up because the drive did not respond anymore after a very long power-on time. The M3CR046 firmware fixed that problem. In their own words:

M3CR046 is an optional update which repairs a hang condition occurring under corner-case workloads. Most Windows desktop and notebook users will be unaffected by this change.
I installed the MX500 in an old Lenovo laptop, replacing a DRAM-less SSD. It works fine but freezes randomly after screen lock, sometimes once a day and today twice. I just updated the firmware to M3CR047 using Storage Executive. I had to run CrystalDiskMark in the background to write to the SSD, else it won't update?
The error message is:

"Firmware Update Error Command aborted by the drive Firmware Update Error API Message: Upgrading drive Drive0 [Serial No. 2415E8A6D747] to M3CR047 Firmware Update on Drive0 failed with status 12"

I have to run CrystalDiskMark in the background before it can update the firmware.
 