Cyber Resilience

CVE-2024-42642

Severity: Medium · Public PoC

Published: 04 September 2024
Modified: 05 February 2026
KEV Added: not listed
Patch:
CVSS v3.1 Score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0154 (81.7th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-42642 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in Crucial MX500 firmware. Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 18.3% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

EU & UK References

Vulnerability details

Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated firmware is available through Crucial's official support page.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
T1542.002 Component Firmware (Stealth)
Adversaries may modify component firmware to persist on systems.
Why these techniques?

Buffer overflow vulnerability in SSD controller firmware, triggered by crafted ATA firmware update packets, enables endpoint DoS via controller crash/hang (T1499.004) and facilitates persistence through component firmware exploitation/modification (T1542.002).

Affected Assets

Vendor: crucial
Product: mx500 firmware
Version: m3cr046

Mitigating Controls

Likely Mitigating Controls (AI-mapped)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry. Note that these CWE-derived controls describe host-side software protections, whereas the vulnerable component here is the drive controller's own firmware; the vendor-specific remediation stated above is the updated MX500 firmware.

Addresses CWE-120: Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

Addresses CWE-787: Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References