CVE-2024-42642

MEDIUM

Micron Crucial MX500 Series - Buffer Overflow

Title source: llm

Description

Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated firmware is available through Crucial’s official support page.

Exploits (1)

nomisec WRITEUP 14 stars

by VL4DR · poc

https://github.com/VL4DR/CVE-2024-42642

View Code ZIP pw:eip

References (3)

[Various Sources] https://www.crucial.com/support/ssd-support/mx500-support

[Broken Link] http://microncrucial.com

[Exploit, Third Party Advisory] https://github.com/VL4DR/CVE-2024-42642/tree/main

Scores

CVSS v3 6.7

EPSS 0.0154

EPSS Percentile 81.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787 CWE-120

Status published

Products (1)

crucial/mx500_firmware m3cr046

Published Sep 04, 2024

Tracked Since Feb 18, 2026