Submit #156113: flexihub, fusbhub.sys, DoSinfo

Titleflexihub, fusbhub.sys, DoS
DescriptionVersion: flexihub 5.5.14691.0, fusbhub.sys 9.2.2343.0 https://www.flexihub.com/ Impact: Denial of Service Description: From IoControlCode 0x220088, a normal user can cause null pointer dereference due to the lack of validating SystemBuffer. Reproduce: In the attached file DoS.zip, there are DoS.exe, DoS.cpp, flexihub.exe, and fusbhub.sys. DoS.exe is the PoC to cause BSOD where flexihub.exe contains the vulnerable driver fusbhub.sys installed, and DoS.cpp is the source code of DoS.exe. To reproduce the issue, install flexihub.exe and execute DoS.exe. It is expected that the system will crash (BSOD) once DoS.exe is executed. Password for attachment: DoS https://drive.google.com/file/d/1h-7fnmb31bkEW4FoLNDlneftDqS4TQHT/view?usp=sharing
Source⚠️ https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned45
User
 Zeze7w (UID 40823)
Submission05/13/2023 13:14 (3 years ago)
Moderation05/24/2023 19:15 (11 days later)
StatusAccepted
VulDB entry229851 [FlexiHub 5.5.14691.0 IoControlCode fusbhub.sys 0x220088 null pointer dereference]
Points20

Do you need the next level of professionalism?

Upgrade your account now!