CVE-2024-42642

Published: Sep 4, 2024Modified: Feb 4, 2026

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated firmware is available through Crucial’s official support page.

Affected (1)

Products: Crucial: Mx500 Firmware

Crucial

1 product

Mx500 Firmware

Configuration A

1 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Crucial Mx500 Firmware	Version m3cr046

Running on/with	Platform Versions
Crucial Ct1000mx500ssd1	All versions
Crucial Ct2000mx500ssd1	All versions
Crucial Ct250mx500ssd1	All versions
Crucial Ct4000mx500ssd1	All versions
Crucial Ct500mx500ssd1	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (3)

http://microncrucial.com

Source: cve@mitre.org

Broken Link

https://github.com/VL4DR/CVE-2024-42642/tree/main

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.crucial.com/support/ssd-support/mx500-support

Source: cve@mitre.org

Timeline

No history available yet.