- flexihub 5.5.14691.0, fusbhub.sys 9.2.2343.0
- https://www.flexihub.com/
Denial of Service
From IoControlCode 0x220088, a normal user can cause null pointer dereference due to the lack of validating SystemBuffer.
In the attached file DoS.zip, there are DoS.exe, DoS.cpp, flexihub.exe, and fusbhub.sys. DoS.exe is the PoC to cause BSOD where flexihub.exe contains the vulnerable driver fusbhub.sys installed, and DoS.cpp is the source code of DoS.exe. To reproduce the issue, install flexihub.exe and execute DoS.exe. It is expected that the system will crash (BSOD) once DoS.exe is executed. Password for attachment: DoS https://drive.google.com/file/d/1h-7fnmb31bkEW4FoLNDlneftDqS4TQHT/view?usp=sharing