CVE-2023-2872

Name of the Vulnerable Software and Affected Versions FlexiHub version 5.5.14691.0

Description A problematic vulnerability has been found in the library fusbhub.sys of the component IoControlCode Handler, affecting the function 0x220088. This leads to a null pointer dereference. The attack must be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For FlexiHub version 5.5.14691.0, as a temporary workaround, consider disabling the function 0x220088 in the library fusbhub.sys until a patch is available. Restrict access to the IoControlCode Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.