News Crucial MX500 SSD firmware susceptible to buffer overflow security vulnerability

[Admin]

Crucial's old MX500 series SSDs are vulnerable to buffer overflow attacks. A fix or information on which firmware updates are impacted is unknown.

Crucial MX500 SSD firmware susceptible to buffer overflow security vulnerability : Read more

 

[-Fran-]

Oh boy. I have a lot of these lil' babies around.

Good thing I don't run stupid things from the Internet in my PCs.

Regards.

 

[bit_user]

Oh boy. I have a lot of these lil' babies around.

These have been a good workhorse, for me. I've never had one fail, but a guy I know had one or two Crucial SSDs fail within the first 6 months and I think he said the model was MX500.

I have two Crucial SSDs about 10 years old that are still in service. One is in my PS3 and another is in a PC that's used quite regularly.

BTW, If you open them, even the 2 TB model is mostly empty space, inside.

 

[Amdlova]

Bx500 tend to fail... MX500 last forever... great drivers
But is too old for now... Will have lots of breaches...
:S

 

[Dementoss]

How great is the likelihood of domestic PCs being attacked in this way?

 

[bit_user]

How great is the likelihood of domestic PCs being attacked in this way?

Low. A normal program can't just send garbage commands to a SSD. An attacker would need to hack a device driver, the kernel, or maybe run something during UEFI that does it.

Not only that, but it sounds like it's only capable of reading data from the drive, not modifying it. However, if you're in a position to send arbitrary commands to the drive, then you can probably also send it commands to do other nefarious things.

As @-Fran- implied, pretty much any attack vector would involve some malware being installed on your PC, as a prerequisite.