CVE-2026-23762
Unhandled Exception in VB-Audio Drivers Causes Local DoS (BSoD
Publication date: 2026-01-22
Last updated on: 2026-01-22
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vb-audio | voicemeeter | to 1.1.1.9 (inc) |
| vb-audio | voicemeeter_banana | to 2.1.1.9 (inc) |
| vb-audio | voicemeeter_potato | to 3.1.1.9 (inc) |
| vb-audio | matrix | to 1.0.2.2 (inc) |
| vb-audio | matrix_coconut | to 2.0.2.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-755 | The product does not handle or incorrectly handles an exceptional condition. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-23762 is a vulnerability in VB-Audio virtual audio drivers used by Voicemeeter and Matrix products. The drivers improperly handle exceptions when mapping non-paged pool memory into user space using the Windows kernel function MmMapLockedPagesSpecifyCache. If the mapping fails, such as when a process runs out of virtual address space, an exception is raised but not caught by the driver. This causes a kernel crash (Blue Screen of Death) with a SYSTEM_SERVICE_EXCEPTION error, allowing a local unprivileged user to trigger a denial-of-service condition on affected Windows systems. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a local, unprivileged user to cause a denial-of-service (DoS) on your Windows system. Specifically, it can trigger a kernel crash (Blue Screen of Death), disrupting system availability and potentially causing loss of unsaved data or requiring a system reboot. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability causes a kernel crash (Blue Screen of Death) with a SYSTEM_SERVICE_EXCEPTION error and STATUS_NO_MEMORY code when triggered. Detection involves monitoring for such BSoD events on affected Windows systems running vulnerable VB-Audio virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, vbaudio_vmvaio3*.sys). You can check for recent system crashes with Event Viewer or by analyzing Windows crash dump files. Specific commands include using 'wevtutil qe System /q:"*[System[(EventID=1001)]]" /f:text /c:10' to query recent crash events or using 'Get-WinEvent -FilterHashtable @{LogName="System";ID=1001} -MaxEvents 10' in PowerShell. Additionally, verifying the presence and version of the vulnerable drivers can be done with 'driverquery /v | findstr /i vbvoicemeetervaio64' or similar commands for other driver names. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the VB-Audio software (Voicemeeter, Voicemeeter Banana, Voicemeeter Potato, Matrix, and Matrix Coconut) to versions later than those affected (versions ending in 1.1.1.9, 2.1.1.9, 3.1.1.9, 1.0.2.2, and 2.0.2.2 respectively). If updates are not available, restricting local unprivileged user access to the affected systems or disabling the vulnerable virtual audio drivers temporarily can reduce risk. Monitoring for and responding to system crashes caused by this vulnerability is also recommended until patches are applied. [1]