
CVE-2026-23762: CWE-755 Improper Handling of Exceptional Conditions in VB-Audio Software Voicemeeter (Standard)

Severity: Medium
Published: Thu Jan 22 2026 (01/22/2026, 16:17:31 UTC)
Source: CVE Database V5
Vendor/Project: VB-Audio Software
Product: Voicemeeter (Standard)

Description

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). The drivers map non-paged pool memory into user space via MmMapLockedPagesSpecifyCache using UserMode access without proper exception handling. If the mapping fails, such as when a process has exhausted available virtual address space, MmMapLockedPagesSpecifyCache raises an exception that is not caught, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_NO_MEMORY. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.

AI-Powered Analysis

Last updated: 01/22/2026, 16:51:44 UTC

Technical Analysis

CVE-2026-23762 is a vulnerability classified under CWE-755 (Improper Handling of Exceptional Conditions) in VB-Audio Software's Voicemeeter (Standard, Banana, Potato) and Matrix products. The issue resides in their virtual audio drivers (e.g., vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys), which use the Windows kernel function MmMapLockedPagesSpecifyCache to map non-paged pool memory into the user-mode address space. This function can raise an exception if the process has exhausted its available virtual address space. The drivers do not catch this exception, so it goes unhandled and causes a kernel crash (Blue Screen of Death) with the error SYSTEM_SERVICE_EXCEPTION and STATUS_NO_MEMORY. The result is a denial-of-service condition that can be triggered by any local unprivileged user without requiring authentication or user interaction. The vulnerability affects Voicemeeter versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, and Matrix versions ending in 1.0.2.2 and 2.0.2.2 and earlier. The CVSS 4.0 base score is 6.9, reflecting medium severity due to the local attack vector and the absence of privilege or user interaction requirements. No known exploits have been reported in the wild, and no official patches have been released at the time of publication. The flaw primarily threatens system stability by enabling local denial-of-service attacks that crash the Windows kernel, potentially disrupting audio services and other dependent applications.

Potential Impact

For European organizations, the primary impact of CVE-2026-23762 is the risk of local denial-of-service attacks causing system crashes and service interruptions. Organizations relying on VB-Audio's Voicemeeter and Matrix software for audio routing, mixing, or broadcasting—such as media companies, broadcasters, content creators, and call centers—may experience operational disruptions. The kernel crashes could lead to downtime, loss of productivity, and potential data loss if systems are not properly backed up or if crashes occur during critical operations. Although the vulnerability does not allow privilege escalation or remote code execution, the ability for any local user to trigger a system crash without authentication poses a risk in multi-user environments or shared workstations. This could be exploited by malicious insiders or through compromised local accounts. The lack of user interaction requirement increases the risk in automated or unattended systems. The absence of known exploits reduces immediate threat but does not eliminate the risk of future exploitation. Organizations with strict uptime requirements or those operating in regulated sectors may face compliance and reputational risks if disruptions occur.

Mitigation Recommendations

1. Restrict local user access on systems running affected VB-Audio software to trusted personnel only, minimizing the risk of malicious or accidental triggering of the vulnerability.
2. Monitor system logs and Windows Event Viewer for signs of SYSTEM_SERVICE_EXCEPTION or STATUS_NO_MEMORY Blue Screen errors that may indicate exploitation attempts.
3. Implement application whitelisting and endpoint protection to detect and prevent unauthorized execution of suspicious processes that might trigger the flaw.
4. Isolate critical audio processing systems from general user environments to reduce exposure to unprivileged users.
5. Regularly back up system and configuration data to enable rapid recovery from crashes.
6. Engage with VB-Audio Software for updates and apply patches promptly once released.
7. Consider deploying virtualization or sandboxing techniques for audio processing applications to contain potential crashes.
8. Educate local users about the risks of running untrusted code or scripts that could exploit local vulnerabilities.
9. Review and harden system memory and resource limits to prevent exhaustion scenarios that trigger the exception.
10. Coordinate with IT and security teams to develop incident response plans specific to denial-of-service conditions caused by kernel crashes.
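
For recommendation 2, the following added example (not part of the original advisory and not vendor code) triages bugcheck event text against the crash signature described above and checks driver file names against the advisory's patterns. It assumes the message layout of the Windows bugcheck event (Event ID 1001) and the standard values 0x3B for SYSTEM_SERVICE_EXCEPTION and 0xC0000017 for STATUS_NO_MEMORY; the sample messages and driver file names are constructed.

```python
import fnmatch
import re

# Driver file-name patterns as listed in the advisory text.
AFFECTED_DRIVERS = ["vbvoicemeetervaio64*.sys", "vbmatrixvaio64*.sys",
                    "vbaudio_vmauxvaio*.sys", "vbaudio_vmvaio*.sys",
                    "vbaudio_vmvaio3*.sys"]
SYSTEM_SERVICE_EXCEPTION = 0x3B  # bugcheck code (standard Windows value)
STATUS_NO_MEMORY = 0xC0000017    # NTSTATUS reported in bugcheck parameter 1

# Assumed layout: "The bugcheck was: 0x0000003b (0x..., 0x..., 0x..., 0x...)"
BUGCHECK_RE = re.compile(r"bugcheck was:\s*(0x[0-9a-f]+)\s*\(([^)]*)\)", re.I)

def parse_bugcheck(message):
    """Return (code, [parameters]) from an event message, or None."""
    m = BUGCHECK_RE.search(message)
    if m is None:
        return None
    params = [int(p, 16) for p in m.group(2).split(",") if p.strip()]
    return int(m.group(1), 16), params

def affected_drivers(driver_names):
    """Return the driver files that match the advisory's patterns."""
    return sorted(n for n in driver_names
                  if any(fnmatch.fnmatch(n.lower(), p) for p in AFFECTED_DRIVERS))

def triage(message, driver_names):
    """Classify a crash: likely / signature-only / unrelated / no-bugcheck."""
    parsed = parse_bugcheck(message)
    if parsed is None:
        return "no-bugcheck"
    code, params = parsed
    # Parameter 1 is logged as 64 bits; the NTSTATUS is its low 32 bits.
    signature = (code == SYSTEM_SERVICE_EXCEPTION and bool(params)
                 and (params[0] & 0xFFFFFFFF) == STATUS_NO_MEMORY)
    if not signature:
        return "unrelated"
    return "likely" if affected_drivers(driver_names) else "signature-only"

# Constructed sample data (not taken from a real system).
SAMPLE_HIT = ("The computer has rebooted from a bugcheck. The bugcheck was: "
              "0x0000003b (0x00000000c0000017, 0xfffff80000000000, "
              "0xffffd00000000000, 0x0000000000000000).")
SAMPLE_OTHER = ("The computer has rebooted from a bugcheck. The bugcheck was: "
                "0x0000000a (0x0000000000000000, 0x0000000000000002, "
                "0x0000000000000000, 0xfffff80000000000).")
SAMPLE_DRIVERS = ["vbvoicemeetervaio64_example.sys", "example_other.sys"]

if __name__ == "__main__":
    for msg in (SAMPLE_HIT, SAMPLE_OTHER):
        print(triage(msg, SAMPLE_DRIVERS))
```

A "likely" result only means the crash matches the signature on a host that has an affected driver file; confirming the faulting module still requires the crash dump.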


Technical Details

Data Version: 5.2
Assigner Short Name: VulnCheck
Date Reserved: 2026-01-15T18:42:20.939Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 697251f54623b1157c7bcf8f

Added to database: 1/22/2026, 4:36:05 PM

Last enriched: 1/22/2026, 4:51:44 PM

Last updated: 2/6/2026, 2:56:26 AM
