CVE-2021-42990

Name of the Vulnerable Software and Affected Versions FlexiHub For Windows versions 2.0.4340 through 5.3.14268

Description The issue allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packet. This is due to a Buffer Overflow in the IOCTL Handler 0x22001B.

Recommendations For versions 2.0.4340 through 5.3.14268, consider disabling the IOCTL Handler 0x22001B as a temporary workaround until a patch is available. Restrict access to the vulnerable IOCTL handler to minimize the risk of exploitation. Avoid using specially crafted I/O Request Packets in the affected handler until the issue is resolved.