CVE-2024-42642

MEDIUM

Micron Crucial MX500 Series - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-42642. PoCs published by VL4DR.

AI-analyzed exploit summary: Technical analysis of CVE-2024-42642, detailing three bugs in the firmware update mechanism of the Silicon-Motion SM2259 controller used in MX500-series SSDs. The bugs involve integer underflows and overflows leading to memory corruption and controller hangs.

Description

Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated firmware is available through Crucial’s official support page.

Exploits (1)

nomisec WRITEUP 14 stars
by VL4DR · poc
https://github.com/VL4DR/CVE-2024-42642


Classification: Writeup 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Silicon-Motion SM2259 controller firmware M3CR046
No auth needed
Prerequisites: Physical or logical access to an MX500-series SSD with SM2259 controller · Ability to send crafted ATA PIO DOWNLOAD-MICROCODE commands
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 6.7
EPSS 0.0053
EPSS Percentile 40.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-120 CWE-787
Status published
Products (1)
crucial/mx500_firmware m3cr046
Published Sep 04, 2024
Tracked Since Feb 18, 2026