Home

Description

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). The drivers map non-paged pool memory into user space via MmMapLockedPagesSpecifyCache using UserMode access without proper exception handling. If the mapping fails, such as when a process has exhausted available virtual address space, MmMapLockedPagesSpecifyCache raises an exception that is not caught, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_NO_MEMORY. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.

PUBLISHED Reserved 2026-01-15 | Published 2026-01-22 | Updated 2026-01-22 | Assigner VulnCheck




MEDIUM: 6.9CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-755 Improper Handling of Exceptional Conditions

Product status

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Credits

Klaus Hahnenkamp finder

References

github.com/emkaix/security-research/tree/main/CVE-2026-23762 technical-description exploit

forum.vb-audio.com/viewtopic.php?p=7574 release-notes patch

forum.vb-audio.com/viewtopic.php?p=7527 release-notes patch

vb-audio.com/ product

www.vulncheck.com/...rs-dos-via-mmmaplockedpagesspecifycache third-party-advisory

cve.org (CVE-2026-23762)

nvd.nist.gov (CVE-2026-23762)

Download JSON