Unfortunate news concerning Crucial and its MX500 solid-state drives, as they have been exposed to a security vulnerability. If you are utilizing the most recent firmware version, potential attackers may be able to pilfer your data or run code on your device!
The vulnerability, identified as CVE-2024-42642, stems from a flaw in the SSD controller. As reported by Guru3D, this flaw can be exploited by “sending specially crafted data packets to the SSD controller through the host system.” Essentially, the issue lies in how the controller manages incoming data, which can result in buffer overflows. Exploiting this flaw could enable data theft or the execution of malicious code.
Actual testing and exploitation of this flaw have been conducted using a Linux distribution, Ubuntu 22.04, with standard SCSI drivers. The pressing question that remains is whether this exploit is viable on other systems like Windows.
It appears that this vulnerability specifically affects the M3CR046 version of Crucial SSD firmware, which happens to be the most current iteration of the controller. If you are a user of an SSD from this series, it is highly recommended to remain vigilant for updates and procure them exclusively from the brand’s official website.
Security flaw discovered in MX500!
For more details, you can navigate to the original source here.
