CVE-2026-23762
Unknown Unknown - Not Provided
Unhandled Exception in VB-Audio Drivers Causes Local DoS (BSoD

Publication date: 2026-01-22

Last updated on: 2026-01-22

Assigner: VulnCheck

Description
VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). The drivers map non-paged pool memory into user space via MmMapLockedPagesSpecifyCache using UserMode access without proper exception handling. If the mapping fails, such as when a process has exhausted available virtual address space, MmMapLockedPagesSpecifyCache raises an exception that is not caught, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_NO_MEMORY. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-22
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23762
EUVD
EUVD-2026-3822
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
vb-audio voicemeeter to 1.1.1.9 (inc)
vb-audio voicemeeter_banana to 2.1.1.9 (inc)
vb-audio voicemeeter_potato to 3.1.1.9 (inc)
vb-audio matrix to 1.0.2.2 (inc)
vb-audio matrix_coconut to 2.0.2.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-755 The product does not handle or incorrectly handles an exceptional condition.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-23762 is a vulnerability in VB-Audio virtual audio drivers used by Voicemeeter and Matrix products. The drivers improperly handle exceptions when mapping non-paged pool memory into user space using the Windows kernel function MmMapLockedPagesSpecifyCache. If the mapping fails, such as when a process runs out of virtual address space, an exception is raised but not caught by the driver. This causes a kernel crash (Blue Screen of Death) with a SYSTEM_SERVICE_EXCEPTION error, allowing a local unprivileged user to trigger a denial-of-service condition on affected Windows systems. [1]

Impact Analysis

This vulnerability can impact you by allowing a local, unprivileged user to cause a denial-of-service (DoS) on your Windows system. Specifically, it can trigger a kernel crash (Blue Screen of Death), disrupting system availability and potentially causing loss of unsaved data or requiring a system reboot. [1]

Detection Guidance

This vulnerability causes a kernel crash (Blue Screen of Death) with a SYSTEM_SERVICE_EXCEPTION error and STATUS_NO_MEMORY code when triggered. Detection involves monitoring for such BSoD events on affected Windows systems running vulnerable VB-Audio virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, vbaudio_vmvaio3*.sys). You can check for recent system crashes with Event Viewer or by analyzing Windows crash dump files. Specific commands include using 'wevtutil qe System /q:"*[System[(EventID=1001)]]" /f:text /c:10' to query recent crash events or using 'Get-WinEvent -FilterHashtable @{LogName="System";ID=1001} -MaxEvents 10' in PowerShell. Additionally, verifying the presence and version of the vulnerable drivers can be done with 'driverquery /v | findstr /i vbvoicemeetervaio64' or similar commands for other driver names. [1]

Mitigation Strategies

Immediate mitigation steps include updating the VB-Audio software (Voicemeeter, Voicemeeter Banana, Voicemeeter Potato, Matrix, and Matrix Coconut) to versions later than those affected (versions ending in 1.1.1.9, 2.1.1.9, 3.1.1.9, 1.0.2.2, and 2.0.2.2 respectively). If updates are not available, restricting local unprivileged user access to the affected systems or disabling the vulnerable virtual audio drivers temporarily can reduce risk. Monitoring for and responding to system crashes caused by this vulnerability is also recommended until patches are applied. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23762. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart