CVE-2026-23764
Unknown Unknown - Not Provided
Memory Corruption in VB-Audio Drivers Causes Local DoS

Publication date: 2026-01-22

Last updated on: 2026-01-22

Assigner: VulnCheck

Description
VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). The drivers allocate non-paged pool and map it into user space, where a length value associated with the allocation is exposed and can be modified by an unprivileged local attacker. On subsequent IOCTL handling, the corrupted length is used directly as the IoAllocateMdl length argument without adequate integrity checks before building and mapping the MDL, which can cause a kernel crash (BSoD), typically PAGE_FAULT_IN_NONPAGED_AREA. This flaw allows a local user to trigger a denial-of-service on affected Windows systems.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-22
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-14
NVD
CVE-2026-23764
EUVD
EUVD-2026-3814
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
vb-audio voicemeeter to 1.1.9 (inc)
vb-audio voicemeeter_banana to 2.1.9 (inc)
vb-audio voicemeeter_potato to 3.1.9 (inc)
vb-audio matrix to 1.0.2.2 (inc)
vb-audio matrix_coconut to 2.0.2.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-823 The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-23764 is a vulnerability in the virtual audio drivers of VB-Audio's Voicemeeter and Matrix software. The drivers allocate non-paged pool memory and map it into user space, exposing a length value that an unprivileged local attacker can modify. When the driver later handles IOCTL requests, it uses this corrupted length value without proper integrity checks to allocate memory, which can cause a kernel crash (Blue Screen of Death) due to invalid memory access. This flaw allows a local user to trigger a denial-of-service on affected Windows systems. [5, 2]

Impact Analysis

This vulnerability can be exploited by a local attacker with low privileges to cause a denial-of-service (DoS) condition on affected Windows systems running VB-Audio's Voicemeeter or Matrix software. The attacker can trigger a kernel crash (BSoD), leading to system instability and potential disruption of audio services or other operations dependent on the system's availability. [5, 2]

Mitigation Strategies

To mitigate this vulnerability, update the VB-Audio software to the latest versions that include the security patches addressing CVE-2026-23764. Specifically, update the VAIO driver to version 3.4.1.7 or later, as this version contains fixes for this and related vulnerabilities. Applying these updates will prevent exploitation of the IOCTL handling flaw and improve driver stability and security. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23764. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart