Home

Description

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). When a handle is opened with a special file attribute value, the drivers improperly initialize FILE_OBJECT->FsContext to a non-pointer magic value. If subsequent operations are not handled by the VB-Audio driver and are forwarded down the audio driver stack (e.g., via PortCls to ks.sys), the invalid FsContext value can be dereferenced, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_ACCESS_VIOLATION. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.

PUBLISHED Reserved 2026-01-15 | Published 2026-01-22 | Updated 2026-01-22 | Assigner VulnCheck




MEDIUM: 6.9CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-824 Access of Uninitialized Pointer

Product status

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Credits

Klaus Hahnenkamp finder

References

github.com/emkaix/security-research/tree/main/CVE-2026-23761 technical-description exploit

forum.vb-audio.com/viewtopic.php?p=7574 release-notes patch

forum.vb-audio.com/viewtopic.php?p=7527 release-notes patch

vb-audio.com/ product

www.vulncheck.com/...er-file-object-fscontext-initialization third-party-advisory

cve.org (CVE-2026-23761)

nvd.nist.gov (CVE-2026-23761)

Download JSON