CVE-2024-47974

4.4 MEDIUM

📋 TL;DR

A race condition vulnerability in Solidigm DC Products during resource shutdown could allow an attacker to cause a denial of service. This affects systems using vulnerable Solidigm storage products. The vulnerability requires local access to exploit.

💻 Affected Systems

Products:
  • Solidigm DC Products (specific models not detailed in reference)
Versions: Not specified in available reference
Operating Systems: All operating systems using affected Solidigm products
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with Solidigm DC storage products. Check vendor advisory for specific model details.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or unresponsive storage device leading to data unavailability

🟠 Likely Case: Temporary service interruption or degraded storage performance

🟢 If Mitigated: Minimal impact with proper access controls and monitoring

🌐 Internet-Facing: LOW - Requires local access to exploit
🏢 Internal Only: MEDIUM - Internal attackers with local access could disrupt storage services

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Race condition exploitation requires precise timing and local access

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified - check vendor advisory

Vendor Advisory: https://www.solidigm.com/support-page/support-security.html

Restart Required: Yes

Instructions:

1. Visit Solidigm security advisory page
2. Identify affected product and version
3. Download and apply firmware/software update
4. Restart system to apply changes

🔧 Temporary Workarounds

  • Restrict local access (all): Limit physical and administrative access to systems with Solidigm products
  • Monitor system stability (all): Implement monitoring for storage device crashes or performance degradation

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local access
  • Deploy monitoring for denial of service indicators and have incident response ready

🔍 How to Verify

Check if Vulnerable:

Check Solidigm product firmware version against vendor advisory

Check Version:

Use Solidigm management tools or check device firmware in system BIOS/UEFI

Verify Fix Applied:

Verify firmware version matches patched version from vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • Unexpected storage device disconnections
  • System crash logs related to storage drivers
  • Performance degradation alerts

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

(Storage device error OR system crash) AND Solidigm product
