One of the most popular SATA SSD brands, the Crucial MX500, has a vulnerability in its firmware version M3CR046. Apparently, specific ATA packets issued from the host can trigger a buffer overflow in the drive, cause data leaks. The vulnerability has been chronicled as CVE-2024-42642. At this point we're not sure if older versions of firmware for the MX500 are affected. M3CR046 happens to be the latest firmware version we could see in the Crucial Storage Executive app, which means the company is still working on a firmware update.

More...